This Week in CyberSec Headlines, 21 May 2018

By MDL on June 22, 2018

US News

Tennessee Election Security

Tennessee County Elections Targeted by Cyberattacks, CSCC article

Alaska Election Website Hacked in 2016

CyberScoop, Alaska election website was hacked on Election Day in 2016: report, 8 May 2018

“On Election Day 2016, a hacker successfully penetrated a server hosting Alaska’s main election website, the Anchorage Daily News reported on Monday night, citing documents obtained through a public records request.”

Anchorage Daily News, Hackers broke partway into Alaska’s election system in 2016. Officials say no damage was done., 8 May 2018

Alaska Division of Administrative Services, Document re: Alaska Division of Elections Reporting System Compromise (pdf), 8 November 2016

“This morning at 5:37am we were notified via an alert that an unknown individual… had posted a screen shot from what appeared to be a compromised Alaska Division of Elections reporting system.”

Senate Report on Russian Election Interference

Fifth Domain, The 7 takeaways from the Senate report on Russia’s election interference, 9 May 2018

“The Senate Intelligence Committee provided a narrative of Russia’s efforts to disrupt the 2016 presidential election and offered six recommendations for the government to improve its security”

Securus Breach, LocationSmart Data Leaks, and Mobile Tracking

Motherboard, Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US, 16 May 2018

Krebs On Security, Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site, 18 May 2018

“LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization” “…It could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards.”

ZDNet, US cell carriers are selling access to your real-time phone location data, 14 May 2018

“Securus, a prison technology company, can track any phone “within seconds” by using data obtained from the country’s largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart.”

New York Times, Service Meant to Monitor Inmates’ Calls Could Track You, Too, 10 May 2018

Motherboard, Cops Can Find the Location of Any Phone in the Country in Seconds, and a Senator Wants to Know Why

United States Senate, Letter from Senator Ron Wyden, 8 May 2018

Chili’s Data Breach

Threatpost, Chili’s Doesn’t Leave Data Breach on the Back Burner

“Chili’s has become the latest victim of a data breach involving the heist of point-of-sale information from payment cards”

Cybersecurity Tech Accord

Cybersecurity Tech Accord, Signing pledge to fight cyberattacks, 34 leading companies promise equal protection for customers worldwide, 17 April 2018

“34 global technology and security companies signed a Cybersecurity Tech Accord, a watershed agreement among the largest-ever group of companies agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states. The 34 companies include ABB, Arm, Cisco, Facebook, HP, HPE, Microsoft, Nokia, Oracle, and Trend Micro”

Cybersecurity Tech Accord

Vault7 CIA Data Breach Suspect Charged

New York Times, Suspect Identified in C.I.A. Leak Was Charged, but Not for the Breach

Department of Homeland Security, U.S. Department of Homeland Security Cybersecurity Strategy (pdf), 15 May 2018

White House Cybersecurity Coordinator Role Eliminated

SecurityWeek, White House Cuts Cybersecurity Coordinator Role

“The White House has eliminated the role of cybersecurity coordinator following the departure of Rob Joyce, and many lawmakers and cybersecurity experts are not happy with the decision.” “…the decision is part of an effort to “streamline authority” and the duties of the cybersecurity coordinator will be performed by the two other senior directors on the NSC cyber team.”

ZDNet, White House eliminates cybersecurity coordinator role

Executive Order Elevates CIO Role

FedScoop, Trump signs executive order to elevate the role of agency CIOs

“President Donald Trump has signed an executive order that will elevate the role of agency CIOs. The order, issued Tuesday afternoon, will require that agency CIOs report directly to the agency head. It will also make CIOs voting members of bureau-level IT governance boards in a bid to increase their enterprise awareness, and give them increased hiring powers.”

White House, Executive Order Enhancing the Effectiveness of Agency Chief Information Officers

International News

Rail Europe Data Breach

Rail Europe, Notice of Data Breach (pdf)

“We discovered that beginning on November 29, 2017, through February 16, 2018, unauthorized persons gained unauthorized access to our ecommerce websites’ IT platform.”

Bitdefender, Hot For Security blog, Rail Europe data breach lasted almost three months, 16 May 2018

“Rail Europe North America Inc (RENA) is writing to customers to inform them that it has discovered evidence that hackers gained unauthorised access to its ecommerce website used to book tickets, and might have stolen a significant amount of sensitive data.”

Syrian Electronic Army Indictments

Bitdefender, Hot For Security blog, Suspected Syrian Electronic Army hackers indicted for conspiracy and identity theft, 18 May 2018

Dark Reading, Syrian Electronic Army Members Indicted for Conspiracy, 18 May 2018

“A federal grand jury has returned an 11-count indictment against two Syrian men, who have been charged with multiple counts of aggravated identity theft and their involvement in a conspiracy to commit computer hacking as members of the Syrian Electronic Army (SEA).”

“The indictment alleges that Ahmad ‘Umar Agha… conducted spearphishing attacks on the US government, military, international organizations, and several private-sector entities including the US Marine Corps, Executive Office of the President, NASA, The New York Times, USA Today, Time, Human Rights Watch, National Public Radio, and several other organizations and individuals.”

Dark Overlord Arrests in Serbia

Bitdefender, Hot For Security blog, The Dark Overlord: Suspected hacking group member arrested in Serbia, 17 May 2018

“Serbian police have arrested a man suspected of being a member of the notorious and high profile hacking and extortion group…Past victims of The Dark Overlord “hack-then-extort” group include Hollywood studios, investment banks, Gorilla Glue, a celebrity plastic surgery clinic, and healthcare organisations.”

CyberScoop, ‘TheDarkOverlord’ shrugs shoulders over Serbian man’s arrest, 18 May 2018

“The group is famous for a noisy two-year cybercrime spree including hacking, extorting and then leaking episodes from the Netflix series “Orange is the New Black,” as well as hacking U.S. school systems and sending death threats to U.S. students.”

Japan Data Breach

SecurityWeek, 200 Million Sets of Japanese PII Emerge on Underground Forums

“A dataset allegedly containing 200 million unique sets of personally identifiable information (PII) exfiltrated from several popular Japanese website databases emerged on underground forums.”

Mexican Bank Thefts

Reuters, Mexico central bank says hackers siphoned $15 million from five companies, 16 May 2018

“Mexico’s central bank said on Wednesday that a cyber attack had sucked around 300 million pesos ($15.33 million) in fraudulent transfers from five companies, but it was unclear how much thieves had managed to pull out in cash.”

Tripwire, The State of Security blog, Hackers siphon hundreds of millions of pesos out of Mexican banks through shadow transactions, 17 May 2018

“A software vulnerability is suspected of being to blame for a hack through which criminals transfer more than 300 million pesos (over US $15 million) out of Mexican banks.”