ReportWire

Tag: brand safety-nsf online illegal

  • The MGM Resorts back online after cybersecurity issue | CNN Business




    CNN
     — 

    MGM Resorts has shut down some of its systems as a result of a “cybersecurity issue,” according to a company social media post on Monday.

    Late Tuesday, the company posted an update, saying that its resorts’ dining, entertainment, and gaming “are currently operational.” The statement also thanked guests for their patience, saying “our guests remain able to access their hotel rooms.”

    However, the statement did not specify the status of its systems, whether these operations were being handled manually, or whether some properties are still accepting cash only.

    As of Tuesday morning, the MGM Resorts website was still offline, with an apology message and a list of phone numbers for guests to reach their specific hotel concierge desk.

    Justin Heath, a guest at MGM Grand in Las Vegas, told CNN on Monday that visitors were unable to charge purchases to their rooms, that digital hotel room keys were not working and that restaurants were taking only cash.

    In MGM’s initial Sunday statement, posted on X, formerly known as Twitter, the company said that after detecting the cybersecurity issue, “we quickly began an investigation with assistance from leading external cybersecurity experts.”

    MGM Resorts (MGM) says it’s working with law enforcement and “took prompt action to protect our systems and data, including shutting down certain systems.”

    An FBI spokesperson told CNN they are aware of the incident but declined further comment on the matter.

    CNN has reached out to MGM Resorts for more information. MGM Resorts International manages several properties across the U.S., including Aria, Bellagio, Cosmopolitan, Excalibur, Luxor, Mandalay Bay, MGM Grand Las Vegas, and New York-New York in Las Vegas. Other domestic properties are located in Massachusetts, Michigan, Mississippi, Maryland, Ohio, New Jersey, and New York. The company also has resort locations in China.

    It is unclear whether the cybersecurity incident was conducted by threat actors seeking to exfiltrate sensitive information or to cause damage and disruption to MGM systems. For investigators, the nature of the attack is often key to helping identify whether it originated from criminals seeking to steal information for financial gain, or nation-state actors gathering information for intelligence purposes.

    Casinos have been prime targets for both traditional cybercriminal enterprises as well as foreign governments.

    In 2017, researchers announced a North American casino had been the target of data exfiltration by cybercriminals who compromised a fish tank connected to the company’s internet connection.

    In 2014, the Sands Las Vegas Corporation fell victim to a damaging cyberattack by the Iranian government, according to the US Director of National Intelligence.

    CNN’s Danielle Sills contributed to this report


  • Tesla begins notifying workers who were affected by data breach | CNN Business



    New York
    CNN
     — 

    Tesla has begun notifying current and former employees whose information was included in a confidential data breach in May.

    In a notice posted on the Maine Attorney General’s website on Friday, Tesla (TSLA) said an investigation had found “two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies” and that the electric automaker had since filed lawsuits against them.

    “These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information,” Tesla said. The company added that it “also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties.”

    Tesla said that two former employees had shared the confidential data with German newspaper Handelsblatt. The outlet assured Tesla that it won’t publish the information and that it is “legally prohibited from using it inappropriately,” according to the notice.

    Tesla emphasized that it had not detected any misuse of personal data, but has offered complimentary membership to Experian IdentityWorks’ credit monitoring and identity theft service. The membership will be one or two years, depending on the person and the specific engagement number on the letter they receive.

    The data breach affected 75,735 people, and involved Social Security numbers, names and addresses, according to the Maine Attorney General’s Office.

    CNN has reached out to Tesla for comment.


  • Cyberattack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics




    CNN
     — 

    A cyberattack on Thursday knocked computer systems offline at hospitals in Connecticut and Pennsylvania, forcing them to send ambulances to other hospitals, hospital spokespeople told CNN.

    As of late Friday morning, Crozer Health, a network of three hospitals and a medical center in the Philadelphia suburbs, was still diverting ambulances for stroke and trauma patients to other hospitals because of a “ransomware attack,” Crozer Health spokesperson Lori Bookbinder told CNN.

    The hack hit Prospect Medical Holdings and affected all of their health care facilities, according to a statement from PMH affiliate Eastern Connecticut Health Network. PMH owns 16 hospitals in California, Connecticut, Pennsylvania and Rhode Island, according to its website.

    At Eastern Connecticut Health Network, which includes two hospitals, the urgent care center is closed and elective surgeries were canceled until further notice because of the hack, according to the network’s website.

    Other Prospect Medical Holdings affiliates reported disruptions from the hack.

    “We are working closely with federal law enforcement to respond to this incident,” Prospect Medical Holdings said in a statement to CNN.

    National Security Council spokeswoman Adrienne Watson told CNN that the White House is “closely monitoring the ongoing incident,” adding that “the Department of Health and Human Services has been in contact with the company to offer federal assistance, and we are ready to provide support as needed to prevent any disruption to patient care as a result of this incident.”

    The company has so far declined offers of federal assistance, according to a US official.

    But Prospect Medical Holdings said later Friday that they “believe there may have been a miscommunication or a misunderstanding” and that they “welcome any assistance from the federal government.”

    CharterCARE Health Partners, which includes two hospitals in Rhode Island, said Thursday that the incident was affecting “inpatient and outpatient operations” and that “some patient procedures may be affected.”

    Patient care continues at the affected hospitals, but they’re operating with limited capacity in what is now a well-rehearsed routine. Throughout the coronavirus pandemic, ransomware and other cyberattacks hampered patient care at American hospitals that are often ill-equipped to deal with them.

    Eastern Connecticut Health Network ended ambulance diversion at 10 a.m. local time Friday, spokesperson Nina Kruse told CNN. The emergency rooms at ECHN’s two hospitals have been open throughout the incident, Kruse said.

    This isn’t Crozer Health’s first bout with ransomware. A June 2020 attack orchestrated by a prolific ransomware gang forced the hospital network to take its computer systems offline.

    This story has been updated with additional reporting.


  • Hackers take on ChatGPT in Vegas, with support from the White House | CNN Business



    Las Vegas, Nevada
    CNN
     — 

    Thousands of hackers will descend on Las Vegas this weekend for a competition taking aim at popular artificial intelligence chat apps, including ChatGPT.

    The competition comes amid growing concerns and scrutiny over increasingly powerful AI technology that has taken the world by storm, but has been repeatedly shown to amplify bias, toxic misinformation and dangerous material.

    Organizers of the annual DEF CON hacking conference hope this year’s gathering, which begins Friday, will help expose new ways the machine learning models can be manipulated and give AI developers the chance to fix critical vulnerabilities.

    The hackers are working with the support and encouragement of the technology companies behind the most advanced generative AI models, including OpenAI, Google, and Meta, and even have the backing of the White House. The exercise, known as red teaming, will give hackers permission to push the computer systems to their limits to identify flaws and other bugs nefarious actors could use to launch a real attack.

    The competition was designed around the White House Office of Science and Technology Policy’s “Blueprint for an AI Bill of Rights.” The guide, released last year by the Biden administration, was issued with the hope of spurring companies to make and deploy artificial intelligence more responsibly and limit AI-based surveillance, though there are few US laws compelling them to do so.

    In recent months, researchers have discovered that now-ubiquitous chatbots and other generative AI systems developed by OpenAI, Google, and Meta can be tricked into providing instructions for causing physical harm. Most of the popular chat apps have at least some protections in place designed to prevent the systems from spewing disinformation or hate speech, or offering information that could lead to direct harm — for instance, providing step-by-step instructions for how to “destroy humanity.”

    But researchers at Carnegie Mellon University were able to trick the AI into doing just that.

    They found OpenAI’s ChatGPT offered tips on “inciting social unrest,” Meta’s AI system Llama-2 suggested identifying “vulnerable individuals with mental health issues… who can be manipulated into joining” a cause and Google’s Bard app suggested releasing a “deadly virus” but warned that in order for it to truly wipe out humanity it “would need to be resistant to treatment.”

    Meta’s Llama-2 concluded its instructions with the message, “And there you have it — a comprehensive roadmap to bring about the end of human civilization. But remember this is purely hypothetical, and I cannot condone or encourage any actions leading to harm or suffering towards innocent people.”

    The findings are a cause for concern, the researchers told CNN.

    “I am troubled by the fact that we are racing to integrate these tools into absolutely everything,” Zico Kolter, an associate professor at Carnegie Mellon who worked on the research, told CNN. “This seems to be the new sort of startup gold rush right now without taking into consideration the fact that these tools have these exploits.”

    Kolter said he and his colleagues were less worried that apps like ChatGPT can be tricked into providing information that they shouldn’t — but are more concerned about what these vulnerabilities mean for the wider use of AI since so much future development will be based off the same systems that power these chatbots.

    The Carnegie researchers were also able to trick a fourth AI chatbot developed by the company Anthropic into offering responses that bypassed its built-in guardrails.

    Some of the methods the researchers used to trick the AI apps were later blocked by the companies after the researchers brought them to their attention. OpenAI, Meta, Google and Anthropic all said in statements to CNN that they appreciated the researchers sharing their findings and that they are working to make their systems safer.

    But what makes AI technology unique, said Matt Fredrikson, an associate professor at Carnegie Mellon, is that neither the researchers, nor the companies who are developing the technology, fully understand how the AI works or why certain strings of code can trick the chatbots into circumventing built-in guardrails — and thus cannot properly stop these kinds of attacks.

    “At the moment, it’s kind of an open scientific question how you could really prevent this,” Fredrikson told CNN. “The honest answer is we don’t know how to make this technology robust to these kinds of adversarial manipulations.”

    OpenAI, Meta, Google and Anthropic have expressed support for the so-called red team hacking event taking place in Las Vegas. The practice of red-teaming is a common exercise across the cybersecurity industry and gives companies the opportunity to identify bugs and other vulnerabilities in their systems in a controlled environment. Indeed, the major developers of AI have publicly detailed how they have used red-teaming to improve their AI systems.

    “Not only does it allow us to gather valuable feedback that can make our models stronger and safer, red-teaming also provides different perspectives and more voices to help guide the development of AI,” an OpenAI spokesperson told CNN.

    Organizers expect thousands of budding and experienced hackers to try their hand at the red-team competition over the two-and-a-half-day conference in the Nevada desert.

    Arati Prabhakar, the director of the White House Office of Science and Technology Policy, told CNN the Biden administration’s support of the competition was part of its wider strategy to help support the development of safe AI systems.

    Earlier this week, the administration announced the “AI Cyber Challenge,” a two-year competition aimed at deploying artificial intelligence technology to protect the nation’s most critical software and partnering with leading AI companies to utilize the new technology to improve cybersecurity. 

    The hackers descending on Las Vegas will almost certainly identify new exploits that could allow AI to be misused and abused. But Kolter, the Carnegie researcher, expressed worry that while AI technology continues to be released at a rapid pace, the emerging vulnerabilities lack quick fixes.

    “We’re deploying these systems where it’s not just they have exploits,” he said. “They have exploits that we don’t know how to fix.”


  • Donald Trump Jr.’s X account was hacked, his spokesman says | CNN Business



    Washington
    CNN
     — 

    A spokesman for former President Donald Trump said Wednesday that Donald Trump Jr.’s account on X – the platform formerly known as Twitter – had been compromised after the account began sharing a series of unusual and erratic posts.

    “Don’s account has been hacked,” Andrew Surabian posted on X, adding that a post claiming the former president had died was “obviously not true.”

    In addition to falsely pronouncing the death of the senior Trump, the compromised account also claimed that Trump Jr. would be running for president himself. Within minutes, the post had been reshared more than 1,000 times on X and viewed hundreds of thousands of times.

    Another post appeared to threaten the country of North Korea, while a pinned post on the account’s profile insulted President Joe Biden with the use of a racist epithet.

    Roughly a half-hour after the posts surfaced, they had been removed. X did not respond to CNN’s request for comment.

    The incident raises fresh questions about X’s role in securing user accounts, particularly those belonging to high-profile political figures as the platform prepares for the 2024 elections. In August, X said it is staffing up on its safety and election teams following mass layoffs last year that according to owner Elon Musk ultimately eliminated more than 80% of the company’s headcount.

    It is also unclear whether the compromise may have resulted in unauthorized access of Trump Jr.’s private direct messages, or whether Trump Jr. may have had two-factor authentication enabled on his account.

    X is still under investigation by the Federal Trade Commission over the company’s ability to sufficiently protect user privacy and whether it may have violated binding commitments it made in 2011 to securing the platform. The investigation began after the company’s former security chief, Peiter “Mudge” Zatko, filed a whistleblower disclosure first reported by CNN and The Washington Post last year that alleged widespread and unaddressed security vulnerabilities.

    This is not the first time high-profile accounts on the platform have been taken over. In 2020, for example, hackers gained control of accounts belonging to former President Barack Obama, Amazon founder Jeff Bezos and others including Biden and Musk themselves by posing as Twitter’s IT support. At the time, Twitter admitted that the hackers had downloaded account data that potentially included private messages.


  • What is catfishing and what can you do if you are catfished? | CNN Business


    Editor’s Note: This story is part of ‘Systems Error’, a series by CNN As Equals, investigating how your gender shapes your life online. For information about how CNN As Equals is funded and more, check out our FAQs.



    CNN
     — 

    Catfishing is when a person uses false information and images to create a fake identity online with the intention to trick, harass, or scam another person. It often takes place on social media or dating apps and websites, as a common tactic used to form online relationships under false pretenses, sometimes to lure people into financial scams.

    The person doing the pretending, or the “catfish,” may also obtain intimate images from a victim and use them to extort or blackmail the person, which is known as sextortion, or they may use other personal information shared with them to commit identity theft.

    The term is believed to originate from the 2010 documentary “Catfish,” in which a young Nev Schulman starts an online relationship with teenager “Megan”, who turns out to be an older woman.

    In the final scene of the documentary, the woman’s husband shares an anecdote about how live cod used to be exported from Alaska alongside catfish, which kept the cod active and alert. He likened this to people in real life who keep others on their toes, like his wife. Schulman went on to produce the docuseries Catfish

    There are many reasons people resort to catfishing, but the most common reason is a lack of confidence, according to the Cybersmile Foundation, a nonprofit focused on digital well-being. The foundation states that if someone is not happy with themselves, they may feel happier when pretending to be someone more attractive to others.

    They may also hide their identity to troll someone; to engage in a relationship other than their existing one; or to extort or harass people. Some people may catfish to explore sexual preferences.

    Studies have shown that catfish are more likely to be educated men, with one 2022 study finding perpetrators are more likely to come from religious backgrounds, possibly providing a way to form relationships without the constraints they face in real life, the authors write.

    In another study published last year, Evita March, senior lecturer in psychology at Federation University in Australia, found that people with the strong personality traits of sadism, psychopathy, and narcissism were more likely to catfish.

    March told CNN the findings are preliminary and that her team would like to further investigate if certain personality traits lead to specific kinds of catfishing behavior.

    In the US, romance scams resulting from catfishing have among the highest reported financial losses of internet crimes as a whole. A total of 19,050 Americans reported losing almost $740 million to romance scammers in 2022.

    In the UK, the country’s National Fraud Intelligence Bureau received more than 8,000 reports of romance fraud in the 2022 financial year, totaling more than £92 million (US $116.6 million) lost, with an average loss of £11,500 (US $14,574) per victim.

    In Singapore, romance scams are among the top 10 reported scams. The reported amount of money catfish may get from their victims increased by more than 30% from SGD$33.1 million (US $24 million) in 2020 to $46.6 million (US $34 million) the following year.

    Catfishing is also increasingly happening on an industrial scale with the rise of “cyber scam centers” that have links to human trafficking in Southeast Asia, according to INTERPOL.

    Victims of trafficking are forced to become fraudsters by creating fake social media accounts and dating profiles to scam and extort millions of dollars from people around the world using different schemes such as fake crypto investment sites.

    Catfishing used to occur more among adults through online dating sites, but has now become equally common among teenagers, according to the Cybersmile Foundation.

    Research by Snapchat last year with more than 6,000 Gen Z teenagers and young people in Australia, France, Germany, India, the UK and the US found that almost two-thirds of them or their friends had been targeted by catfish or hackers to obtain private images that were later used to extort them.

    Older people are also likely to lose more money to catfishing. In 2021, Americans lost half a billion dollars through romance scams perpetrated by people using fake personas or impersonating others, with the largest losses paid in cryptocurrency, according to the US Federal Trade Commission. The number of reports rose tenfold among young people (18-29) but older people (over 70s) generally reported losing more money.

    In Australia, a third of dating and romance scams result in financial losses, with women having lost more than double the total amount lost by men, and older people again losing more money than those under 45, according to data from the country’s National Anti-Scam Centre.

    “Romance scams are one of the hardest things to avoid. It’s emotional manipulation,” said Ngo Minh Hieu, a Vietnamese former hacker and founder of Chong Lua Dao (scam fighters), a cybersecurity non-profit.

    Since 2020, Hieu has been monitoring trends to help scam victims, he says, and explains that in his experience, a catfish would usually approach a victim with premeditated intention to scam them.

    They were likely to be using personal information that they mine from the victim’s social media accounts, or may have bought that data from users in private chat groups simply by providing a phone number of a potential victim.

    There are many signs you can look for to help spot a catfish, experts say.

    Firstly, a catfish might contact you out of nowhere, start regular conversations with you and shower you with compliments to quickly build up trust and rapport. They may state desirable qualities in their opening conversations, including wealth or attractiveness, but then rarely or never call you, either over the phone or on a video call.

    They often do not have many friends on social media and their posts are usually scarce. Search results using their name may not yield many results and their stories are usually inconsistent. For example, personal details like where they live or go to school might change when discussed again.

    Another classic sign is if the feelings they declare for you escalate quickly and after a short period of time. A catfish may ask you for sensitive images and money.

    Many scammers use already available photos of other people in their fake personas, which may be possible to spot using a reverse image search.

    With the explosion of AI technology, scammers may now generate unique and realistic images for use as profile pictures. But Hieu explains that thanks to their built-in patterns by design, AI-generated images can be detected, using tools such as AI-Generated Image Detector.

    If you believe you are being catfished, there are steps you can take to protect yourself and help end the targeting.

    Experts advise that you should not be afraid to ask direct questions or challenge the person you believe may be catfishing you. You can do this by asking them why they are not willing to call you or meet face to face, or questioning how they can declare their love for you so quickly.

    Wang and her colleagues sent nearly 200 deterrent messages to active scammers in a 2020 study and concluded that this could make fraudsters respond less or in some cases, admit to wrongdoing.

    An example of one of the messages was: “I know you are scamming innocent people. My friend was recently arrested for the same offense and is facing five years in prison. You should stop before you face the same fate.”

    You should think about stopping all communications with the catfish, and refrain from sending money to them at the risk of further financial demands. Experts say catfish continue to target those who engage with them more.

    It’s also useful to secure your online accounts and ensure your personal information is kept private online.

    Cybersecurity expert Hieu explained that you can do this by putting personal information such as your phone number, email addresses and date of birth in private mode on social media. You can also check if your email has been compromised in a data breach by using tools such as the Have I Been Pwned website.

    Installing two-factor authentication on your accounts can also help protect against unauthorized access. That requires you to take a second step to verify your identity when logging in to a service, for example by SMS or a physical device, such as a key fob.

    Being subjected to catfishing can also have a significant impact on your mental health, with many victims left unable to trust others and some left feeling embarrassed about falling for the scam. A 2019 study found that young LGBTQ+ men in rural America experiencing catfishing on dating apps felt angry and fearful.

    If someone was “sextorted,” they may continue to fear their images resurfacing online in the future.

    March from Federation University in Australia recommended improving digital literacy and staying aware of the potential red flags. She also emphasized the need to recognize today’s loneliness epidemic, which “leads people to perhaps be more susceptible to catfishing scams,” she said.

    Seeking professional support from a counselor or talking to supportive friends and family is one way to address loneliness, March added.

    Catfishing is not explicitly a crime, but the actions that often accompany catfishing, such as extortion for money, gifts or sexual images, are crimes in many places.

    The main challenge in tackling online fraud is the issue of jurisdiction, according to a 2020 paper about police handling of online fraud victims in Australia. Traditional policing operates within specific territories, but the internet has blurred these boundaries, the authors write.

    Cybercriminals from one country can also target victims in other countries, complicating law enforcement efforts, and victims often face difficulty and frustration when trying to report cybercrimes, which can further traumatize them.

    Fangzhou Wang, a cybercrime professor at the University of Texas at Arlington, told CNN that virtual private networks (VPNs), forged credentials, and anonymous communication methods make it extremely difficult to determine identities or locations.

    Scammers have also capitalized on the proliferation of AI, such as AI-generated personas, which complicates the ability of law enforcement authorities to gather evidence and build cases against a catfish.

    “Law enforcement agencies, often constrained by limited resources and prioritizing cases based on severity and direct impact, might not readily prioritize catfishing cases without substantial financial losses or physical harm,” Wang told CNN.

    In the US, there are some legal precedents. In 2022, a woman who had created multiple fake profiles to target wealthy men was charged with extortion, cyberstalking, and interstate threats and was sentenced in a plea deal last year.

    In the UK, while catfishing itself is not classified as a criminal offense, if the person using a fake profile engages in illegal activities, like financial gain or harassment, they can be punished by law.

    China has a law that implicates people who allow their websites or communications platforms to be used for frauds and other illegal activities under Article 46 in the Cybersecurity Law.

    If a catfish has tricked you into sending them money, you can go to the authorities and your bank immediately, depending on where you are.

    If activities that are crimes in your country have taken place because of being catfished, such as extortion, identity theft or harassment, the police or other authorities, such as specific commissions targeting online crime, may be your first port of call.

    The Australian government’s agency responsible for online safety, the e-safety commissioner, advises that people gather all the evidence they can, including screenshots of the scammer and chats with them to keep as evidence.

    Depending on the case, you can also submit an abuse or impersonation report against the catfish directly to the platform on which you are communicating with them.

    If you believe the person you are talking to is not who they say they are, most of the larger social media platforms give you the option to report them for impersonation or other forms of abuse, including Facebook, Instagram, TikTok, X, Telegram, Tinder and WhatsApp. WeChat also offers a channel to report another user for harassment, fraud, or illegal activity, while Telegram creates an anti-scam thread for users to report on fraudsters.

    You are not responsible for the catfish behaviors of others, but staying vigilant and alert online goes a long way.

    Make sure your online accounts are secured and use two-factor authentication. When browsing the internet, you may want to use a virtual private network (VPN) which makes your internet activity harder to track.

    In many countries such as the US, the UK and Australia, victims have reported being preyed on by catfish who tricked them into putting money in bogus cryptocurrency investment sites.

    If someone you have been talking to asks you to put money into an investment site, think twice. The Global Anti-Scam Organization has a database of fraudulent websites generated by their own investigations and the public’s tip offs to help inform you if you’re being scammed.

    If you are a parent, this guide provided by the UK-based National College platform suggests communicating effectively and sensitively with your children about the risks. You may also help them report and block the catfish accounts and report to police if they have been subjected to anything illegal or inappropriate.

    Because catfish get close to a target often by relying on personal information posted on social media, UNICEF asks children to consider their rights when it comes to parents sharing their pictures and other content online, especially when they are underage.




  • New York Times: US officials search for hidden Chinese malware that could affect military operations | CNN Politics




    CNN
     — 

    US officials are searching for Chinese malware hidden in various defense systems that could disrupt military communications and resupply operations, The New York Times reported Saturday.

    The administration believes malicious computer code has been hidden inside “networks controlling power grids, communications systems and water supplies that feed military bases,” officials told the Times. The discovery has heightened concerns that hackers could “disrupt US military operations in the event of a conflict,” according to the Times. The two nations have been increasingly at odds over Taiwan as well as over China’s actions in the Indo-Pacific.

    One congressional official told the newspaper that the malware was “a ticking time bomb” that could allow China to cut off power, water and communications to military bases, slowing deployments and resupply operations. Because military bases often share the same supply infrastructure as civilian homes and businesses, many other Americans could also be affected, officials told the Times.

    The malware revelations echo a pattern of recent breaches by China-based hackers previously reported by CNN.

    Last week, the email account of US Ambassador to China Nicholas Burns was hacked, three US officials familiar with the matter told CNN.

    Earlier this month, Microsoft and the White House confirmed that China-based hackers breached email accounts at two dozen organizations, including some federal agencies. The Biden administration believes the hacking operation – which Microsoft said was launched in mid-May – gave the Chinese government insights about US thinking heading into Secretary of State Antony Blinken’s trip to Beijing in June.

    Among the agencies targeted were the State Department and the Department of Commerce, which has sanctioned Chinese telecom firms. US officials and Microsoft analysts initially had trouble identifying how the hackers got into the email accounts, which made clear that they were dealing with a sophisticated hacking team, a US official told CNN.

    US officials have consistently labeled China as the most advanced of US adversaries in cyberspace, a domain that has repeatedly been a source of bilateral tension in recent years. The FBI has said Beijing has a larger hacking program than all other governments combined.

    Blinken raised the hacking incidents in a meeting with a top Chinese diplomat in Indonesia earlier this month, a senior State Department official told CNN, but the official would not “get into the specifics” of the extent to which the hack was raised.

    “We have consistently made clear that any action that targets US government, US companies, American citizens, is a deep concern to us and that we will take appropriate action to hold those responsible accountable and the secretary made that clear again,” the official said.


  • Biden administration announces new labels for gadgets that are less vulnerable to cyberattacks | CNN Business




    CNN
     — 

    The next time you’re in the market for a smart TV, fitness tracker or other connected gadget, you could see a new US government-backed label identifying some products as being particularly hardened against hackers.

    On Tuesday, the Biden administration announced it’s moving to implement a cybersecurity labeling program aimed at helping consumers pick out trustworthy tech products that are rated as more secure than the competition.

    The program seeks to bolster the nation’s cybersecurity overall by guiding Americans who may be in the market for smart home tech or wearables toward products that meet a high standard for cybersecurity as defined by the National Institute of Standards and Technology (NIST).

    The label will appear as a “distinct shield logo,” according to the White House. Products that meet the criteria for the label could include tech that requires strong passwords and that provides regular software updates to guard against the latest threats, for example.

    A wide range of products could be covered, the administration said, including smart refrigerators, microwave ovens, thermostats, home voice assistants and — eventually — WiFi routers, after NIST finishes designing cybersecurity standards for them later this year.

    For years, cybersecurity has been an afterthought in a market for so-called “internet of things” (IoT) devices that prioritizes low costs over security, according to security experts. One of the more famous examples of IoT security failures came in 2016, when criminal hackers used an army of infected computers, known as the Mirai botnet, to disrupt access to the websites of Twitter, PayPal, and others.

    Products certified under the new program may come with a QR code that links to a national database affirming their participation, the administration added in a release.

    The launch of the program could still be as far as a year away. But the administration took its first steps toward implementation on Tuesday as the Federal Communications Commission applied for a trademark linked to the effort, known as the “US Cyber Trust Mark.”

    The FCC, which regulates wireless devices, also issued a formal proposal that will be open for public feedback on how it should manage the program.

    “This new labeling program would help provide Americans with greater assurances about the cybersecurity of the products they use and rely on in their everyday lives,” the administration said in a statement. “It would also be beneficial for businesses, as it would help differentiate trustworthy products in the marketplace.”

    The government proposal comes two years after President Joe Biden signed an executive order calling for an “‘energy star’ type of label” for tech products. At the time, the US government was still reeling from a crippling ransomware attack days earlier that had forced a temporary shutdown of Colonial Pipeline, one of the country’s largest fuel pipeline operators.

    The executive order highlighted how the administration could use product labeling, combined with the federal government’s immense procurement power, to shape commercial markets and raise the bar for companies that sell technology to both US agencies and ordinary consumers.

    Companies including Amazon, Best Buy, Cisco, Google, LG, Logitech, Samsung and others pledged to assist in the government’s labeling push by committing to increase the cybersecurity of their products, the White House said Tuesday.

    Dave DeWalt, CEO of the cybersecurity-focused investment firm NightDragon, said the government’s move could help address a “perfect storm” of billions of insecure IoT devices.

    “Market forces alone were never going to be sufficient to force manufacturers to step up and deliver more secure devices,” he said. “We’ve taken an essential step now in the right direction to put the power back in the hands of the consumers to choose better security.”

    The Consumer Technology Association said Tuesday its next annual trade show, CES 2024, will feature “certification-ready products” once the FCC finalizes its rules.


  • Tennessee Air National Guardsman applied to be a hitman online, the FBI says. It was a spoof website and now he’s facing charges | CNN




    CNN
     — 

    A Tennessee Air National Guardsman is facing charges after applying to be a hitman on a spoof “rent-a-hitman” website, according to the Department of Justice.

    Josiah Ernesto Garcia, 21, was charged Thursday after submitting an employment inquiry to the website rentahitman.com, which is a parody site that includes “testimonials” from purportedly satisfied hit-man customers.

    The website was originally created in 2005 to “advertise a cyber security startup company,” the Justice Department said in a news release. “The company failed and over the next decade it received many inquiries about murder-for-hire services.”

    Garcia indicated in February that he had “military experience, and rifle expertise” and requested an “in depth job description,” according to a criminal complaint filed Thursday.

    “Garcia followed up on this initial request and submitted other identification documents and a resume, indicating he was an expert marksman and employed in the Air National Guard since July 2021. The resume also indicated that Garcia was nicknamed ‘Reaper,’ which was earned from his military experience and marksmanship,” the Department of Justice said in the news release.

    Garcia sent another follow-up email days later, saying he didn’t hear back after submitting a resume, according to the complaint.

    According to investigators, Garcia wrote in the email, “Why I want this Job* Im looking for a job, that pays well, related to my military experience (Shooting and Killing the marked target) so I can support my kid on the way. What can I say, I enjoy doing what I do, so if I can find a job that is similar to it, (such as this one) put me in coach!”

    After Garcia sent more follow-up emails, the website owner – at the direction of the FBI – responded with an email saying, “Josiah, a Field Coordinator will be in touch in the near future. You will receive a message when they are ready. Timing is based on client needs,” according to the complaint.

    On April 5, an FBI undercover agent contacted Garcia for a phone interview, during which he asked, “How soon can I start?” and “What do the payments look like?” according to the complaint.

    The undercover agent asked Garcia if he was comfortable with taking fingers or ears as trophies or performing torture at a client’s request.

    “If it’s possible and in my means to do so, I’m more than capable,” Garcia said, according to the complaint.

    In an in-person meeting with the undercover agent on Wednesday, Garcia “was presented with a ‘target package’ consisting of photographs and a description of a fictional target’s name, weight, age, height, address, and employment information,” the complaint said.

    Garcia was told the target was the client’s husband, who was abusive to her, and that the client was paying $5,000 for the job with a down payment of $2,500, the complaint said.

    “After agreeing to the terms of the murder arrangement, Garcia asked the agent if he needed to provide a photograph of the dead body,” according to the Justice Department release. “Garcia was then arrested by FBI agents, who in a subsequent search of his home, recovered an AR style rifle.”

    Garcia is charged with the use of interstate commerce facilities in the commission of murder-for-hire. He faces up to 10 years in prison if convicted, the Justice Department said.

    CNN has been unable to reach Garcia’s attorney for comment. Garcia is set to appear in court on Tuesday afternoon.

    CNN has reached out to the Air National Guard for comment.


  • Inside the international sting operation to catch North Korean crypto hackers | CNN Politics


    Watch Alex Marquardt’s report on the sting operation on Erin Burnett OutFront on Monday, April 10, at 7 p.m. ET.



    CNN
     — 

    A team of South Korean spies and American private investigators quietly gathered at the South Korean intelligence service in January, just days after North Korea fired three ballistic missiles into the sea.

    For months, they’d been tracking $100 million stolen from a California cryptocurrency firm named Harmony, waiting for North Korean hackers to move the stolen crypto into accounts that could eventually be converted to dollars or Chinese yuan, hard currency that could fund the country’s illegal missile program.

    When the moment came, the spies and sleuths — working out of a government office in a city, Pangyo, known as South Korea’s Silicon Valley — would have only a few minutes to help seize the money before it could be laundered to safety through a series of accounts and rendered untouchable.

    Finally, in late January, the hackers moved a fraction of their loot to a cryptocurrency account pegged to the dollar, temporarily relinquishing control of it. The spies and investigators pounced, flagging the transaction to US law enforcement officials standing by to freeze the money.

    The team in Pangyo helped seize a little more than $1 million that day. Though analysts tell CNN that most of the stolen $100 million remains out of reach in cryptocurrency and other assets controlled by North Korea, it was the type of seizure that the US and its allies will need to prevent big paydays for Pyongyang.

    The sting operation, described to CNN by private investigators at Chainalysis, a New York-based blockchain-tracking firm, and confirmed by the South Korean National Intelligence Service, offers a rare window into the murky world of cryptocurrency espionage — and the burgeoning effort to shut down what has become a multibillion-dollar business for North Korea’s authoritarian regime.

    Over the last several years, North Korean hackers have stolen billions of dollars from banks and cryptocurrency firms, according to reports from the United Nations and private firms. As investigators and regulators have wised up, the North Korean regime has been trying increasingly elaborate ways to launder that stolen digital money into hard currency, US officials and private experts tell CNN.

    Cutting off North Korea’s cryptocurrency pipeline has quickly become a national security imperative for the US and South Korea. The regime’s ability to use the stolen digital money — or remittances from North Korean IT workers abroad — to fund its weapons programs is part of the regular set of intelligence products presented to senior US officials, including, sometimes, President Joe Biden, a senior US official said.

    The North Koreans “need money, so they’re going to keep being creative,” the official told CNN. “I don’t think [they] are ever going to stop looking for illicit ways to glean funds because it’s an authoritarian regime under heavy sanctions.”

    North Korea’s cryptocurrency hacking was top of mind at an April 7 meeting in Seoul, where US, Japanese and South Korean diplomats released a joint statement lamenting that Kim Jong Un’s regime continues to “pour its scarce resources into its WMD [weapons of mass destruction] and ballistic missile programs.”

    “We are also deeply concerned about how the DPRK supports these programs by stealing and laundering funds as well as gathering information through malicious cyber activities,” the trilateral statement said, using an acronym for the North Korean government.

    North Korea has previously denied similar allegations. CNN has emailed and called the North Korean Embassy in London seeking comment.

    Starting in the late 2000s, US officials and their allies scoured international waters for signs that North Korea was evading sanctions by trafficking in weapons, coal or other precious cargo, a practice that continues. Now, a very modern twist on that contest is unfolding between hackers and money launderers in Pyongyang, and intelligence agencies and law enforcement officials from Washington to Seoul.

    The FBI and Secret Service have spearheaded that work in the US. (Both agencies declined to comment when CNN asked how they track North Korean money-laundering.) The FBI announced in January that it had frozen an unspecified portion of the $100 million stolen from Harmony.

    The succession of Kim family members who have ruled North Korea for the last 70 years have all used state-owned companies to enrich the family and ensure the regime’s survival, according to experts.

    It’s a family business that scholar John Park calls “North Korea Incorporated.”

    Kim Jong Un, North Korea’s current dictator, has “doubled down on cyber capabilities and crypto theft as a revenue generator for his family regime,” said Park, who directs the Korea Project at the Harvard Kennedy School’s Belfer Center. “North Korea Incorporated has gone virtual.”

    Compared to the coal trade North Korea has relied on for revenue in the past, stealing cryptocurrency is much less labor- and capital-intensive, Park said. And the profits are astronomical.

    Last year, a record $3.8 billion in cryptocurrency was stolen from around the world, according to Chainalysis. Nearly half of that, or $1.7 billion, was the work of North Korean-linked hackers, the firm said.

    The joint analysis room in the National Cyber Security Cooperation Center of the National Intelligence Service in South Korea.

    It’s unclear how much of its billions in stolen cryptocurrency North Korea has been able to convert to hard cash. In an interview, a US Treasury official focused on North Korea declined to give an estimate. The public record of blockchain transactions helps US officials track suspected North Korean operatives’ efforts to move cryptocurrency, the Treasury official said.

    But when North Korea gets help from other countries in laundering that money it is “incredibly concerning,” the official said. (They declined to name a particular country, but the US in 2020 indicted two Chinese men for allegedly laundering over $100 million for North Korea.)

    Pyongyang’s hackers have also combed the networks of various foreign governments and companies for key technical information that might be useful for its nuclear program, according to a private United Nations report in February reviewed by CNN.

    A spokesperson for South Korea’s National Intelligence Service told CNN it has developed a “rapid intelligence sharing” scheme with allies and private companies to respond to the threat and is looking for new ways to stop stolen cryptocurrency from being smuggled into North Korea.

    Recent efforts have focused on North Korea’s use of what are known as mixing services, publicly available tools used to obscure the source of cryptocurrency.

    On March 15, the Justice Department and European law enforcement agencies announced the shutdown of a mixing service known as ChipMixer, which the North Koreans allegedly used to launder an unspecified amount of the roughly $700 million stolen by hackers in three different crypto heists — including the $100 million robbery of Harmony, the California cryptocurrency firm.

    Private investigators use blockchain-tracking software — and their own eyes when the software alerts them — to pinpoint the moment when stolen funds leave the hands of the North Koreans and can be seized. But those investigators need trusted relationships with law enforcement and crypto firms to move quickly enough to snatch back the funds.

    One of the biggest US counter moves to date came in August when the Treasury Department sanctioned a cryptocurrency “mixing” service known as Tornado Cash that allegedly laundered $455 million for North Korean hackers.

    Tornado Cash was particularly valuable because it had more liquidity than other services, allowing North Korean money to hide more easily among other sources of funds. Tornado Cash is now processing fewer transactions after the Treasury sanctions forced the North Koreans to look to other mixing services.

    Suspected North Korean operatives sent $24 million in December and January through a new mixing service, Sinbad, according to Chainalysis, but there are no signs yet that Sinbad will be as effective at moving money as Tornado Cash.

    The people behind mixing services, like Tornado Cash developer Roman Semenov, often describe themselves as privacy advocates who argue that their cryptocurrency tools can be used for good or ill like any technology. But that hasn’t stopped law enforcement agencies from cracking down. Dutch police in August arrested another suspected developer of Tornado Cash, whom they did not name, for alleged money laundering.

    Private crypto-tracking firms like Chainalysis are increasingly staffed with former US and European law enforcement agents who are applying what they learned in the classified world to track Pyongyang’s money laundering.

    Elliptic, a London-based firm with ex-law enforcement agents on staff, claims it helped seize $1.4 million in North Korean money stolen in the Harmony hack. Elliptic analysts tell CNN they were able to follow the money in real-time in February as it briefly moved to two popular cryptocurrency exchanges, Huobi and Binance. The analysts say they quickly notified the exchanges, which froze the money.

    “It’s a bit like large-scale drug importations,” Tom Robinson, Elliptic’s co-founder, told CNN. “[The North Koreans] are prepared to lose some of it, but a majority of it probably goes through just by virtue of volume and the speed at which they do it and they’re quite sophisticated at it.”

    The North Koreans are not just trying to steal from cryptocurrency firms, but also directly from other crypto thieves.

    After an unknown hacker stole $200 million from British firm Euler Finance in March, suspected North Korean operatives tried to set a trap: They sent the hacker a message on the blockchain laced with a vulnerability that may have been an attempt to gain access to the funds, according to Elliptic. (The ruse didn’t work.)

    Nick Carlsen, who was an FBI intelligence analyst focused on North Korea until 2021, estimates that North Korea may only have a couple hundred people focused on the task of exploiting cryptocurrency to evade sanctions.

    With an international effort to sanction rogue cryptocurrency exchanges and seize stolen money, Carlsen worries that North Korea could turn to less conspicuous forms of fraud. Rather than steal half a billion dollars from a cryptocurrency exchange, he suggested, Pyongyang’s operatives could set up a Ponzi scheme that attracts much less attention.

    Yet even at reduced profit margins, cryptocurrency theft is still “wildly profitable,” said Carlsen, who now works at fraud-investigating firm TRM Labs. “So, they have no reason to stop.”


  • FBI takes down cybercrime forum that touted data connected to breach affecting US lawmakers | CNN Politics




    CNN
     — 

    The FBI has arrested the alleged founder of a popular cybercriminal forum that touted data stolen in a hack affecting members of Congress and thousands of other people and taken the website down, the Justice Department said Friday.

    The website – known as BreachForums – trafficked in the stolen data of millions of Americans until the FBI recently took it offline, the department said in a news release.

    The alleged administrator of BreachForums, a 20-year-old New York man named Conor Brian Fitzpatrick, was arrested last week, according to the Justice Department. Fitzpatrick has been charged with conspiracy to commit access device fraud, which carries a sentence of five years in prison, the department said in the release.

    The forum gained greater notoriety this month when a hacker posted data they claimed was stolen from a DC health insurance service – an incident that roiled Capitol Hill and exposed the personal data of tens of thousands of people from different walks of life. House of Representatives officials have said hundreds of staff were affected by the incident. The number of lawmakers affected is believed to be less than two dozen, a source familiar told CNN earlier this month.

    Among the other victims of Fitzpatrick’s alleged hacking-related activities are a US electronic health care firm, a US internet services provider and a US-based investment firm, according to an affidavit filed in the US District Court for the Eastern District of Virginia. The affidavit did not name the companies.

    Fitzpatrick made his initial appearance in federal court on Friday, the Justice Department said. Fitzpatrick was released on $300,000 bail, which was cosigned by members of his family, according to court documents.

    A judge ordered Fitzpatrick not to contact any victims or co-conspirators in the investigation, open any new lines of cryptocurrency or possess the personal identification information of others.

    Nina Ginsberg, an attorney listed for Fitzpatrick in court records, declined to comment. Fitzpatrick has not yet entered a formal plea.

    It’s the latest move in a sustained international law enforcement effort to disrupt cybercriminal organizations that cost American businesses and residents billions of dollars a year. More than $10 billion in losses from online scams were reported to the FBI in 2022, the highest annual loss in the last five years, according to a recent FBI report.

    BreachForums emerged last year after US and international law enforcement agencies shut down a similar forum, RaidForums, and arrested its alleged founder in the United Kingdom.

    Despite the law enforcement crackdown, there are still several other online forums where criminals can hawk stolen data. And new illicit marketplaces will likely emerge, according to experts.

    “While BreachForums is likely permanently offline, it will invariably be replaced by something else,” Brett Callow, threat analyst at cybersecurity firm Emsisoft, told CNN. “Whether that something is a Telegram channel or another Breach-style forum remains to be seen.”

    US law enforcement agents have gotten increasingly adept at quietly infiltrating cybercriminal forums and collecting intelligence to feed indictments or arrests.

    In the demise of RaidForums, US authorities had access to the website’s computer infrastructure for several months before the seizure was announced, a law enforcement official familiar with the matter previously told CNN.

    The latest forum takedown is welcome news but “the resilience of the underground ecosystem as a whole remains mostly untouched as the criminal demand for illicit goods continues to rise,” Michael DeBolt, chief intelligence officer at security firm Intel 471, told CNN.


  • FBI says $10 billion lost to online fraud in 2022 as crypto investment scams surged | CNN Politics




    CNN
     — 

    More than $10 billion in losses from online scams were reported to the FBI in 2022, the highest annual loss in the last five years, according to a new report from the bureau.

    The more than $3 billion jump in reports of online fraud from 2021 to 2022 was driven by a near-tripling in reports of cryptocurrency investment fraud, the FBI said in its annual Internet Crime Report.

    The report tallies a wide variety of fraud complaints – from marketing scams to ransomware – and is a metric for US policymakers in measuring how much hacking and other schemes are costing the American economy.

    While people in their 30s filed the most fraud complaints last year, the burden of many digital scams fell on the elderly. People over 60 accounted for $724 million, or more than two-thirds of the reported losses from “call center fraud,” according to the FBI. Such fraud occurs when scammers call someone impersonating tech support or government agencies.

    Ransomware, which locks computers until hackers are paid off, accounted for about $34 million in adjusted losses reported to the FBI last year. The relatively modest figure compared to other forms of fraud could be due to the fact that many victim organizations still do not report ransomware attacks to the FBI.

    A popular type of ransomware called Hive was used in 87 attacks last year, according to the FBI. The bureau seized Hive operatives’ computer infrastructure earlier this year, but not before hackers affiliated with the ransomware extorted more than $100 million from hospitals, schools and other victims around the world.

    While ransomware tends to get the headlines, a different hacking scheme known as business email compromise (BEC) leads to far more money stolen from victims in aggregate. A BEC scheme typically involves someone tricking a victim into wiring them money, often by impersonating a customer or a relative.

    One of the more high-profile examples of BEC fraud last year cost the city of Lexington, Kentucky, about $4 million in federal funding for housing assistance.

    BEC scams accounted for about $2.7 billion in adjusted losses in 2022, compared to about $2.4 billion in 2021, according to FBI data.


  • Capitol Hill data breach more ‘extensive’ than previously known | CNN Politics




    CNN
     — 

    A sweeping cybersecurity breach of congressional members’ private information was more extensive than previously known and affects not only House lawmakers and their staff but also Senate employees.

    The Senate sergeant-at-arms alerted Senate staff about the breach Thursday in an email obtained by CNN.

    The compromised data is “extensive,” and includes sensitive data such as Social Security numbers, home addresses and information on Senate employees’ health insurance plans, the sergeant-at-arms said in the email, which urged Senate staff to freeze their family credit to guard against fraud.

    Law enforcement gave the sergeant-at-arms a list of Senate employees whose data was stolen, the email said, and the sergeant-at-arms was contacting those employees so they could protect themselves from fraud.

    Hundreds of US House members and staff also had their personally identifiable information stolen in the breach, which affected a DC health insurance service, CNN reported Wednesday.

    Punchbowl News first reported on the sergeant-at-arms’ email.

    The revelation that Senate staff also had their data stolen will only increase pressure from Capitol Hill on DC Health Link, the affected insurance service, to provide a full accounting of how the breach occurred.

    DC Health Link said Wednesday it had “initiated a comprehensive investigation” of the incident and is working with law enforcement. The FBI is involved in the investigation, the bureau said.

    It’s unclear how the data was accessed or who was responsible for the breach, but it immediately raised concerns among lawmakers that they could become the victims of identity theft, as many other Americans have in recent years.

    House Speaker Kevin McCarthy and House Minority Leader Hakeem Jeffries have written a letter to DC Health Link expressing their concern over the breach, McCarthy previously told CNN.

    Others were less alarmed.

    “I can’t get all that worked up about this, honestly,” a Senate staffer told CNN Thursday night.

    China “got all my data already in the OPM hack,” the staffer added, referring to the 2014-2015 breach of the Office of Personnel Management that compromised millions of US government personnel records. US officials have blamed Chinese hackers for the breach, a charge Beijing denied.

    On a popular cybercrime forum this week, someone claimed to have sold the data belonging to DC Health Link. The advertisement for the stolen data, which CNN reviewed, claimed the leak affected 170,000 people and included Social Security numbers.

    CNN was unable to independently verify those claims.


  • Hundreds of US lawmakers and staff affected by data breach | CNN Politics


    CNN —

    Hundreds of US House members and staff had their personally identifiable information stolen in a breach of a DC health care insurance service, the House chief administrative officer told lawmakers Wednesday in a letter obtained by CNN.

    The FBI is investigating the “significant data breach,” which occurred Tuesday and potentially involved thousands of enrollees in the DC Health Link marketplace, House Chief Administrative Officer Catherine Szpindor told lawmakers in the letter.

    “It is important to note that at this time, it does not appear that Members or the House of Representatives were the specific target of the attack,” Szpindor wrote.

    DC Health Link confirmed in a statement that “data for some DC Health Link customers has been exposed on a public forum.”

    “We have initiated a comprehensive investigation and are working with forensic investigators and law enforcement. Concurrently, we are taking action to ensure the security and privacy of our users’ personal information,” the statement said, adding that DC Health Link will provide identity and credit monitoring services for impacted customers as well as credit monitoring services for all of its customers “out of an abundance of caution.”

    The FBI said in a statement Wednesday that it is “aware of this incident and is assisting. As this is an ongoing investigation, we do not have any additional information to provide at this time.”

    House Speaker Kevin McCarthy told CNN that the breach, which was first reported by Punchbowl News, is a “real concern.”

    “Leader Hakeem Jeffries and I sent a letter to the DC Health about the concern we have here,” the California Republican said, noting that he does not know how many members may have been affected.

    On a popular cybercrime forum this week, someone claimed to have sold the data belonging to DC Health Link. The advertisement for the stolen data, which CNN reviewed, claimed the leak affected 170,000 people and included Social Security numbers.

    CNN was unable to independently verify those claims. The user advertising the data did not immediately respond Wednesday night when CNN asked in an online chat how much they sold the data for.

    The advertisement was removed from the cybercrime forum later Wednesday night. It was not immediately clear why.

    The user has been on the cybercrime forum for months and earned a reputation for selling compromised databases, Michael DeBolt, chief intelligence officer at security firm Intel471, told CNN.

    “Like other financially motivated actors, (this actor) is opportunistic rather than seeking to target specific regions or sectors,” DeBolt said.

    Contractors that store data belonging to US lawmakers could face greater scrutiny following this week’s breach.

    The Committee on House Administration Republicans tweeted that Chairman Bryan Steil “is aware of the breach” and is working with Szpindor, the House chief administrative officer, “to ensure the vendor takes necessary steps to protect the (personally identifiable information) of any impacted member, staff, and their families.”

    The top Democrat on the panel, Rep. Joe Morelle of New York, told CNN the data breach is “egregious” and that the FBI discovered it because the information ended up on the “dark web.”

    He said in addition to investigating what happened, Congress needs to figure out how to allocate more resources so those who contract with the government can better protect this type of information.

    “We are deeply concerned about DC Health Link’s data breach and the impact on our Members and staff. We will continue to communicate any updates we receive from law enforcement to impacted Members and staff,” a CAO spokesperson said in a statement.

    This story has been updated with additional information.


  • US introduces new rules to protect water systems from hackers | CNN Politics

    Washington CNN —

    The US Environmental Protection Agency on Friday announced new requirements for public water facilities to boost their cybersecurity while expressing concern that many facilities have failed to take basic steps to protect themselves from hackers.

    The new EPA memo requires state governments to audit the cybersecurity practices of public water systems — and then use state regulatory authorities to force water systems to add security measures if existing ones are deemed insufficient.

    “Cyberattacks that are targeting water systems pose a real and significant threat to our security,” EPA Assistant Administrator Radhika Fox told reporters Thursday.

    It’s the latest move in a full-court press by the Biden administration to use its regulatory and policy powers to try to raise the cyber defenses of US critical infrastructure that is frequently targeted by cybercriminals and foreign government-backed hackers.

    The EPA memo comes a day after the White House released a national cybersecurity strategy that calls for software makers to be held liable when their products leave gaping holes for hackers to exploit.

    A wakeup call for cybersecurity in the water sector came mere weeks into the Biden administration, in February 2021, when a hacker infiltrated a Florida water treatment facility and tried to increase the amount of sodium hydroxide to a potentially dangerous level, according to local authorities.

    The facility stopped the attack before harm could be done, but the episode alarmed officials in Washington and led to greater federal scrutiny of the water sector’s security practices.

    The FBI and US Cybersecurity and Infrastructure Security Agency have warned about multiple ransomware attacks on the computer networks of water and wastewater facilities from California to Maine.

    That greater public attention on the issue has brought improvements; the Water Information Sharing and Analysis Center (WaterISAC), an industry hub for cyber threat data and best practices, says its membership now includes facilities that provide water to most of the US.

    “Multiple water sector associations embrace the need to help water systems bolster cyber resilience,” Jennifer Lyn Walker, the WaterISAC’s director of infrastructure cyber defense, told CNN. “The larger systems have been leading the charge for years, so I think we can adapt that effort toward the medium and smaller systems for the greater good of the sector.”

    But the sprawling US water sector, which includes more than 148,000 public water systems, has sometimes struggled with funding and personnel to protect systems.

    At public water systems, “top-down authorization for major cybersecurity projects, unfortunately, usually only happen after an incident,” Chris Grove, director of cybersecurity strategy at industrial security firm Nozomi Networks, told CNN.

    “Within the municipalities that manage the public water systems, they are choosing between a library expansion, cameras for the police, or cybersecurity for water and wastewater treatment systems,” Grove said.


  • Top US cyber official warns software firms aren’t doing enough to stop damage from hackers from China and elsewhere | CNN Politics

    Washington CNN —

    Chinese hackers are too frequently going “unidentified and undeterred,” and software companies aren’t doing enough to secure their products from cyber-attacks that “can do real damage” to US interests through the loss of trade secrets, a top US cyber official said Monday.

    “The risk introduced to all of us by unsafe technology is frankly much more dangerous and pervasive than the spy balloon, but somehow we’ve allowed ourselves to accept it,” US Cybersecurity and Infrastructure Security Agency Director Jen Easterly said in a speech at Carnegie Mellon University.

    Easterly was referring to a suspected Chinese surveillance balloon that flew over multiple US states before the US military shot it down on February 4. The episode has increased tensions in US-China relations and caused US Secretary of State Antony Blinken to postpone a trip to Beijing.

    Easterly’s speech reflects frustration from US officials that major software programs used by millions of people are routinely released with gaping flaws that can be exploited by hackers. After a series of high-profile hacks, the Biden administration introduced cybersecurity regulations for sectors such as pipelines. US officials have not ruled out more regulation in an effort to raise defenses.

    While the balloon caused a public uproar, cybersecurity officials from across the US government have been warning for years that China has been quietly amassing US government and corporate secrets through hacking. Beijing denies the allegations.

    The alleged Chinese cyber espionage campaigns have often exploited wildly popular software that has allowed them a foothold into US government agencies and corporations alike. In late 2021, for example, suspected hackers used a popular password management software to breach multiple US defense contractors, according to researchers.

    Easterly, who spent years working on offensive cyber operations with the US National Security Agency, said the frequent hacks of US organizations by China and other foreign governments and criminal groups are merely a “symptom” rather than a cause of US insecurity in cyberspace.

    The bigger problem, she said, is that too many major software makers are not designing their products more securely and making it easy on the user to maintain that security.

    Easterly did not single out specific companies for poor software design, but instead cited statistics from Twitter and Microsoft saying just a fraction of users or enterprise customers are using an extra layer of security when signing into their accounts.

    “[T]he burden of safety should never fall solely upon the customer,” Easterly said. “Technology manufacturers must take ownership of the security outcomes of their customers.”

    She called on technology manufacturers to “embrace radical transparency” by sharing more of their software design plans publicly so they can be scrutinized by experts.


  • Hackers interrupt Iran president’s TV speech on anniversary of revolution | CNN


    The Islamic Republic marked the 44th anniversary of the Iranian revolution on Saturday with state-organized rallies, as anti-government hackers briefly interrupted a televised speech by President Ebrahim Raisi.

    Raisi, whose hardline government faces one of the boldest challenges from young protesters calling for its ouster, appealed to the “deceived youth” to repent so they can be pardoned by Iran’s supreme leader.

    In that case, he told a crowd congregated at Tehran’s expansive Azadi Square: “the Iranian people will embrace them with open arms”.

    His live televised speech was interrupted on the internet for about a minute, with a logo appearing on the screen of a group of anti-Iranian government hackers that goes by the name of “Edalate Ali (Justice of Ali).”

    A voice shouted “Death to the Islamic Republic.”

    Nationwide protests swept Iran following the death in September of 22-year-old Mahsa Amini in the custody of the country’s morality police.

    Security forces have responded with a deadly crackdown to the protests, among the strongest challenges to the Islamic Republic since the 1979 revolution ended 2,500 years of monarchy.

    As part of an amnesty marking the revolution’s anniversary, Iranian authorities on Friday released jailed dissident Farhad Meysami, who had been on a hunger strike, and Iranian-French academic Fariba Adelkhah.

    On Sunday, Supreme Leader Ayatollah Ali Khamenei issued an amnesty covering a large number of prisoners, including some arrested in recent anti-government protests.

    Rights group HRANA said dozens of political prisoners and protesters, including several prominent figures, had been freed under the amnesty but that the exact conditions of their release were not known.

    Rights activists have expressed concern on social media that many may have been forced to sign pledges not to repeat their “offenses” before being released. The judiciary denied this on Friday.

    HRANA said that as of Friday, 528 protesters had been killed, including 71 minors. It said 70 government security forces had also been killed. As many as 19,763 protesters are believed to have been arrested.

    Iranian leaders and state media had for weeks appealed for a strong turnout at Saturday’s rallies as a show of solidarity and popularity in an apparent response to the protests.

    On the anniversary’s eve Friday night, state media showed fireworks as part of government-sponsored celebrations, and people chanting “Allahu Akbar! (God is Greatest!).” However, many could be heard shouting “Death to the dictator!” and “Death to the Islamic Republic” on videos posted on social media.

    The social media posts could not be verified independently.

    Government television on Saturday aired live footage of the state rallies around the country.

    In Tehran, domestic-made anti-ballistic missiles, a drone, an anti-submarine cruiser, and other military equipment were on display as part of the celebrations.

    “People have realized that the enemy’s problem is not woman, life, or freedom,” Raisi said in a live televised speech at Tehran’s Azadi Square, referring to the protesters’ signature slogan.

    “Rather, they want to take our independence,” he said.

    His speech was frequently interrupted by chants of “Death to America” – a trademark slogan at state rallies. The crowd also chanted “Death to Israel.”

    Raisi accused the “enemies” of promoting “the worst kind of vulgarity, which is homosexuality”.

    Adelkhah, who had been in prison since 2019, was one of seven French nationals detained in Iran, a factor that has worsened relations between Paris and Tehran in recent months.

    She was sentenced in 2020 to five years in prison on national security charges. She was moved to house arrest later but in January returned to jail. Adelkhah has denied the charges.

    Meysami’s release came a week after supporters warned that he risked dying because of his hunger strike. He was arrested in 2018 for protesting against the compulsory wearing of the hijab.

    In announcing Adelkhah’s release on Friday, the French foreign ministry called for her freedoms to be restored, “including returning to France if she wishes.”

    “Legally, her file is considered completed, and legally there should be no problem to leave the country, but this issue has to be reviewed. So … it is not clear how long it will take,” said her lawyer, Hojjat Kermani.


  • North Korean hackers extorted health care organizations to fund further cyberattacks, US and South Korea say | CNN Politics

    Washington CNN —

    North Korean government-backed hackers have conducted ransomware attacks on health care providers and other key sectors in the US and South Korea and used the proceeds to fund further cyberattacks on government agencies in Washington and Seoul, US and South Korean officials warned Thursday.

    Some of those follow-on hacks have specifically targeted Pentagon networks and US defense contractors, according to the advisory from US and South Korean intelligence and security agencies.

    It’s the latest in a drumbeat of warnings from US officials that North Korea is adopting cybercriminal tactics to fund dictator Kim Jong Un’s ambitions, including the regime’s pursuit of nuclear weapons.

    The statement from the US Federal Bureau of Investigation, US National Security Agency, South Korean National Intelligence Service and others does not mention Kim’s weapons programs, but US officials have previously warned that a portion of the money Pyongyang steals through hacking can go to weapons development.

    North Korea’s use of stolen cryptocurrency to fund its weapons programs is part of the regular set of intelligence products presented to President Joe Biden, a senior administration official told CNN this week.

    “They need money, so they’re going to keep being creative,” the official said. “I don’t think the North Koreans are ever going to stop looking for illicit ways to glean funds because it’s an authoritarian regime … under heavy sanctions.”

    The news comes as North Korea displayed nearly a dozen advanced intercontinental ballistic missiles at a nighttime military parade on Wednesday.

    The new US-South Korea advisory did not identify hospitals that the North Korean hackers had allegedly victimized. The Justice Department has previously accused Pyongyang-backed hackers of hitting a medical center in Kansas in 2021, encrypting computer systems the facility relied on to operate key equipment, and another medical provider in Colorado.

    The advisory follows a similar warning from US agencies in July that North Korean hackers had used ransomware to disrupt services at health organizations for “prolonged periods.”

    In the statement released Thursday, US and South Korean officials accused North Korean hackers of taking pains to try to hide their identities – even posing as a notorious Russian ransomware gang. The North Koreans are also emulating non-state criminals in dumping online the private data of victims who do not pay, officials said.

    The hackers have used a popular software used in small and medium-sized hospitals in South Korea to spread their malicious code with the aim of locking up computers, according to the advisory.

    In addition to hacking, suspected North Koreans have posed as other nationalities to apply for work at IT firms and send money back to Pyongyang, US agencies have publicly warned. A CNN investigation found at least one cryptocurrency entrepreneur who unwittingly paid a North Korean tech worker tens of thousands of dollars.


  • America’s top cyber diplomat says his Twitter account was hacked | CNN Politics


    CNN —

    America’s top cybersecurity diplomat Nate Fick said his personal Twitter account was hacked, calling it part of the “perils of the job.”

    Fick tweeted the news from his personal account Saturday evening.

    It was not clear who was responsible for the hack or if they had made any unauthorized posts on Fick’s account. He did not immediately respond to a request for comment Sunday.

    There did not appear to be any broader fallout from the hack. Fick uses the account sparingly and instead promotes his work through an official State Department account.

    President Joe Biden announced in June his intent to nominate Fick, a Marine Corps veteran and former chief executive of a cybersecurity firm, to lead the newly formed Bureau of Cyberspace and Digital Policy.

    The new bureau is an effort to make digital rights issues an intrinsic part of US foreign policy at a time when Russia and China are increasingly trying to put their own authoritarian stamp on the internet.

    Fick was sworn into office in September as the country’s first “ambassador-at-large” for cyberspace and digital policy. His charge includes helping build US allies’ ability to respond to cyberattacks and promoting secure 5G communications technology.

    Fick is scheduled to travel to Seoul this week to discuss cybersecurity cooperation with the South Korean government, according to the State Department. Washington and Seoul share a common cyberspace foe in North Korea, which has robust hacking capabilities despite its reputation as a digital backwater.


  • Record $3.8 billion stolen in crypto hacks last year, report says | CNN Business

    New York CNN —

    A record $3.8 billion worth of cryptocurrency was stolen from various services last year, with much of those thefts driven by North Korean-linked hackers, according to a report Wednesday from blockchain analytics firm Chainalysis.

    The increase in crypto heists, from $3.3 billion in 2021, came as the overall market for cryptocurrencies suffered significant declines. The value of Bitcoin, for example, fell by more than 60% last year.

    North Korea was a key driver for the surge in thefts, according to the report. Hackers linked to the country stole an estimated $1.7 billion worth of cryptocurrency through various hacks in 2022, up from $429 million in the prior year, Chainalysis said.

    Some of the biggest crypto hacks of the year have since been attributed to North Korea. The FBI has blamed hackers linked to the North Korean government for the more than $600 million hack of video game Axie Infinity’s Ronin network in March and a $100 million hack of Harmony, a cryptocurrency firm, in June.

    “North Korea’s total exports in 2020 totalled $142 million worth of goods, so it isn’t a stretch to say that cryptocurrency hacking is a sizable chunk of the nation’s economy,” Chainalysis noted in the report.

    US officials worry Pyongyang will use money stolen from crypto hacks to fund its illicit nuclear and ballistic weapons program. North Korean hackers have stolen the equivalent of billions of dollars in recent years by raiding cryptocurrency exchanges, according to the United Nations.

    In addition to hacking cryptocurrency firms, suspected North Koreans have posed as other nationalities to apply for work at such firms and send money back to Pyongyang, US agencies have publicly warned.

    In general, decentralized finance (DeFi) protocols were the main target of hackers, accounting for more than 80% of all cryptocurrency stolen for the year, according to the report. These protocols are used to replace traditional financial institutions with software that allows users to transact directly with each other via the blockchain, the digital ledger that underpins cryptocurrencies.

    Of the attacks on DeFi systems, 64% targeted cross-chain bridge protocols, which allow users to exchange assets between different blockchains. Bridge services typically hold large reserves of various coins, making them targets for hackers. (The thefts on Axie Infinity and Harmony were both bridge hacks.)

    While crypto hacks continued to rise last year, there is some cause for hope. Law enforcement and national security agencies are expanding their abilities to combat digital criminals, such as the FBI’s recovery of $30 million worth of cryptocurrency stolen in the Axie Infinity hack.

    Those efforts, combined with other agencies cracking down on money laundering techniques, “means that these hacks will get harder and less fruitful with each passing year,” according to Chainalysis.
