Tag Archives: Hacking

Officials State Hackers Stole 5.6 Million Fingerprints, More Than Previously Reported

The Office of Personnel Management (OPM) announced that 5.6 million fingerprints were stolen in April’s cyber attack, more than five times the amount the agency first reported.

The hackers were able to obtain fingerprints, social security numbers, names, addresses, health information, and financial data from millions of government employees. The OPM stated in June that personnel records of 4.2 million people had been compromised in the cyber attack. A month later, the agency announced a second attack that was targeting 21.5 million people and only 1.1 million fingerprints had been stolen.

“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”

The OPM tried to downplay the situation by stating that the ability to abuse fingerprint data was “currently limited.” The agency did warn that as technology improved there could be a higher chance of someone using their fingerprints as a guarantee of identity. Considering there are now security measures for unlocking smartphones and home security systems using a person’s fingerprints, that day may not be as far as the OPM states.

Investigations are continuing as officials are still trying to find who was responsible for the cyber attacks. Meanwhile, the OPM is still in the process of notifying everyone who had information stolen. According to the agency, they will provide free identity theft and fraud protection services to those who were affected by the cyber attack.

U.S. officials have blamed China for the OPM breach. China has continued to deny the attacks. The announcement comes during the second day that Chinese President Xi Jinping is visiting the United States. Jinping is due to meet President Obama in Washington on Friday.

Russian Man Admits Global Hacking Scheme

A Russian man has admitted his role in a hacking scheme that sold record amounts of stolen credit and debit card numbers.

Vladimir Drinkman admitted that he had a major role in stealing 160 million credit and debit card numbers.  U.S. Attorney Paul Fishman said the hacking and data breach is the largest ever prosecuted in America.

Drinkman pleaded guilty to charges of conspiracy involving wire fraud and unauthorized access to protected computers. The 34-year-old will be sentenced in January and faces up to 35 years in federal prison after which he will be deported.

He also will face millions of dollars in fines.

Drinkman told the court that from 2005 to 2012 he worked with others on a scheme that sent malware to corporate computers to obtain personal information.  The malware would then delete itself so corporations could not tell they had been breached.

Some of the companies impacted where 7-Eleven, Dow Jones and NASDAQ.

Drinkman was arrested in the Netherlands in 2012 and brought to the U.S. for trial.  One of his co-conspirators, Dmitriy Smilianets, is in federal custody awaiting trial.  Three other co-conspirators are still on the run.

Martial Cheaters Exposed by Hackers

Users of the website Ashley Madison, which is designed to allow married people to cheat on their spouses, have been exposed to the world after the release of approximately 9.7 gigabytes of user data.

A group of hackers called “The Impact Team” released millions of usernames, real names and purchase information for users of Ashley Madison and a companion site, Established Men, which allows rich men to find young women.

The hackers focused on a portion of the website called “Full Delete” which for $19 has promised to scrub all user information from the site for those who no longer wished to use it.

In 2014, the “Full Delete” feature netted $1.7mm in revenue for the company that owns both websites, Avid Life Media (ALM).

“[Full Delete is] also a complete lie,” the Impact Team wrote after the hack last month. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

“…Too bad for ALM, you promised secrecy but didn’t deliver.”

The hackers then made their next threat.

“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret…fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” the hackers wrote in a statement following the breach.

Brian Krebs, the cybersecurity reporter with the Washington Post, wrote on the newspaper’s website that he had contacted three sources who were listed in the data dump and the sources verified the information was accurate.

“It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society,” officials from Ashley Madison’s parent company Avid Life Media wrote in a statement.

“We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law,” the statement continued.

Obama Administration Warns China Over Covert Agents in U.S.

The Obama administration has sent a harsh warning to Chinese officials about undercover Chinese intelligence agents coming to the U.S. and seeking out fugitives or immigrants.

The agents are working to bring home those the Communist government accuse of “corruption” after they gained asylum or resident status in the United States.

The declaration from the administration comes after officials discovered that Chinese hacking groups were infiltrating U.S. email databases.

Federal officials say they have found the undercover Chinese agents in the country illegally under tourist or trade visas.  These agents are using strong-arm tactics to force those the Communist government considers an enemy to return to China to be prosecuted.

Tactics include threats against family members still in China.

“Our principle is thus: Whether or not there is an agreement [with local law enforcement] in place, as long as there is information that there is a criminal suspect, we will chase them over there, we will take our work to them, anywhere,” Liu Dong, a director of Operation Fox Hunt, told the New York Times.

China and the United States do not have an extradition treaty, so the U.S. cannot force a Chinese national to return although in the past U.S. officials have returned suspected Chinese criminals.

Intelligence Officials Admit China Has Hacked Obama Administration Emails Since 2010

Senior U.S. Intelligence officials are confirming that China has been hacking the emails of Obama Administration officials since 2010.

The National Security Agency (NSA) has confirmed the intrusions were first detected in April 2010 and that the hacking of various accounts is still taking place.  The NSA official said that all top national security and trade officials have been targeted by the attack including Joint Chiefs of Staff Chairman Adm. Mike Mullen and Chief of Naval Operations Adm. Gary Roughead.

Gmail accounts were specifically mentioned by the NSA official but other email providers were also confirmed to have violated by the attack.

NBC reported the hacks were first code-named Dancing Pandaand then Legion Amethyst.

“There’s no effective defense against these attacks and, as we’ve seen, there’s also no effective deterrence,” geopolitical expert Ian Bremmer told Business Insider in June.

“China isn’t trying to engage in ‘integrity’ attacks against the US they don’t want to destroy American institutions and architecture as, after all, they’re hugely invested in American economic success,” he added.

Army Website Hit By Syrian Hackers

The U.S. Army’s official website was taken down Monday by hackers who claim they were the Syrian Electronic Army.

The attack forced the Army to take army.mil offline to protect from further damage.

The hacking comes less than a week after the discovery of Chinese hackers breaking into several important federal government servers that housed the personal information of millions of federal employees.

“Today an element of the Army.mil service provider’s content was compromised,” Army Brig. Gen. Malcolm Frost said in a statement. “After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily.”

The Syrian Electronic Army launched in 2011 with a stated goal of attacking the enemies of the Syrian government.  They claim to not be officially connected to the Syrian government.

The Army has been the target of hacking in the recent past.  Five months ago the website was hit by pro-ISIS hackers who posted messages on the Army’s YouTube and twitter accounts.

Hackers Could Bring Down Planes Using Wi-Fi

A shocking new report from the General Accounting Office (GAO) says that terrorist hackers could use the on-board Wi-Fi of an airplane to take control and bring it down.

The GAO report doesn’t suggest it would be easy for the hackers to bring down the places but that they could do it through the current Wi-Fi technology.  The report says the “worst case scenario” would be a terrorist on a plane with a laptop.  The terrorist could use the on-board Wi-Fi to take control of the plane from their seat.

Rep. Peter DeFazio (D-OR), a member of the House Transportation and Infrastructure committee said that the Federal Aviation Administration (FAA) needs to work quickly to solve this deficiency in airline security.

“According to cybersecurity experts we interviewed, Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” the report states.

The report follows a separate GAO report that determined the FAA’s system for building planes was at “increased and unnecessary risk” for being hacked.