'President' Donald Trump is expected to sign an executive order addressing cybersecurity today, Reuters reports in an item that cites "two sources familiar with the situation.” The EO is expected to be Trump's first action to address what he called a top priority of his administration during the Presidential campaign.
Last week a software platform used by 1,000 cannabis businesses crashed. The CEO of MJ Freeway says the outage was caused by an "unprecedented, malicious attack."
An MJ Freeway spokesperson told the Globe last week that the attack was specifically targeted at MJ Freeway, which is based in Denver. The company reports that it has received no ransom demands, suggesting that the attack could have been personally or politically motivated.
MJ Freeway, which serves more than 1,000 clients, is one of the most prominent startups providing technical infrastructure for the booming legal marijuana industry. In a 2015 Bloomberg profile, the company’s services were described as something like SAP or Oracle for weed, with features like automatic sales reports, staff scheduling, and crop data tracking.
(Thanks, Julian!) Read the rest
A hacker called up T-Mobile and convinced the customer service representative that he was Jared Kenna. T-Mobile believed the hacker and transferred Kenna's phone number from T-Mobile to another carrier. Once the hacker had Kenna's phone number he took over about 30 of Kenna's accounts, which had been protected with 2-factor authentication. The accounts included "two banks, PayPal, two bitcoin services — and, crucially, his Windows account, which was the key to his PC." In short order the hacker stole "millions" of dollars worth of Kenna's bitcoin.
From Laura Shin's article in Forbes:
Read the rest
Kenna was so early in bitcoin that he remembers when he would plug his computer into the network and see only four other computers running it. Now, there are more than 5,000. Computers supporting the network are slated into a competition to win bitcoin roughly every 10 minutes. In the early days, the payout was 50 bitcoin each time; now it’s 12.5. Kenna recalls that at a certain point, when he was “only” winning 50 bitcoins a day, he stopped supporting the network, thinking it wasn’t worth it. At today’s price, he was giving up on $40,000 a day.
Though he did have some bitcoins in online services, particularly since his businesses accept bitcoin as payment, he kept almost all his bitcoins on an encrypted hard drive. “It was essentially my never-sell-this-until-it-goes-to-a-billion-dollars nest egg,” he says. He had kept it offline for most of the past several years, but had connected that device in recent weeks to move them somewhere more secure and sell some.
In 1980, WMTV in Madison, Wisconsin produced this feature about early personal computers and the geeks who loved them. I enjoyed the discussion of The Source, which was the first online experience I ever had.
George Martin, who posted the video to YouTube, writes: "About halfway through the video there is a segment filmed at my home showing how I had programmed a Cromemco Z-2 computer to control lights and appliances."
Gabriella Coleman is the "hacker anthropologist" whose book on the anthropology of Anonymous is among the best books on hacking I've ever read; her new paper in Current Anthropology, From Internet Farming to Weapons of the Geek, poses a fascinating question: given that hackers are as well-paid and privileged as doctors, lawyers and academics, how come hackers are so much more political than other members of the professional elites? Read the rest
A former Booz Allen Hamilton contractor who worked with the National Security Agency will face charges of espionage in a case involving 50 terabytes or more of highly sensitive NSA data the government says were stolen.
Cybersecurity firm Symantec said today a second hacking group has been trying to rob banks with phony SWIFT messages. That same method nabbed $81 million in a high-profile attack on the central bank of Bangladesh earlier this year.
Symantec said that a group dubbed Odinaff has infected 10 to 20 organizations with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system.
Symantec's research provided new insight into ongoing hacking that has previously been disclosed by SWIFT. SWIFT Chief Executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise.
SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.
Symantec promises to share technical information about Odinaff with banks, governments and other security firms involved in the SWIFT system. Read the rest
At the first presidential debate this week, GOP nominee Donald Trump fat-shamed a fictional IT character he made up. Speaking about a series of hacks on Democratic National Committee organizations, Trump said, “I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK? You don’t know who broke in to DNC.”
Trump's mean trope of a hacker “sitting on their bed that weighs 400 pounds” is nothing new to “XXL and greater” sized information security professionals.
Anonymous U.S. intelligence sources cited by NBC News say the White House has ordered a special intelligence task force to look into Russia's recent hacks of various Democratic political organizations.
Ever wonder if it's really a good idea for there to be “terrorism watch lists” created by for-profit businesses, with no accountability to the privacy rights of ordinary citizens like you and me?
The best-known of these, Thomson Reuters' “World-Check,” recently leaked to the so-called dark web. The database is compiled from public sources, and is sold by Thomson Reuters to vetted clients in government, intelligence agencies, banks, law firms, and the like.
A man the U.S. says is a hacker aligned with the government of Syria's President Bashar al-Assad will appear in a federal court in Alexandria, Virginia, on Tuesday. An unnamed source with U.S. law enforcement told reporters today that the accused hacker, 36 year old Peter Romar, was extradited to the US and flown from Germany to Dulles International Airport on Monday.
There's been an awful lot of talk about “cyber pathogens” and “cyber bombs” lately from the mouths of American officials discussing terrorism, and how we will vanquish it. President Obama mentioned “cyber ops” against Islamic State terrorists in one recent address. Today, we know a little more about what was behind last week's cyber-hawkish hacking headlines.
Federal investigators have discovered major security vulnerabilities in the state health insurance websites for California, Kentucky and Vermont that could allow criminals to access sensitive personal data for hundreds of thousands of people.