May 20, 2018

Tom Diacono reports:

Journalist-blogger Manuel Delia has warned his blog is being targeted by Ukrainian hackers in what he described as one of the most vicious cyber-attacks in Maltese history.

“The storm has been raging for most of this week and every effort of the technical team to counter the attack is met by a vicious onslaught on some other vulnerability of the website,” Delia said in an article on The Shift News. “The great bulk of the attack comes from Ukraine, though computers from all over the globe are being used to complement those waves. The website’s engineers say it is a well-funded, professional attack on a scale rarely known to be used on other websites in Malta.”

Read more on Lovin Malta. There’s a great statement in the blogger’s post that I want to emphasize here:

Many people make the mistake of thinking this is an assault on the right of journalists to speak their mind. It is that. But it is more importantly an assault on people’s right to know.

May 18, 2018

May 17 – ALEXANDRIA, Va. – A federal grand jury returned an 11-count indictment today charging two Syrian men with offenses relating to their participation in a conspiracy to engage in computer hacking as members of the “Syrian Electronic Army” or “SEA.”

Ahmad ‘Umar Agha, who is known online as “The Pro,” and Firas Dardar, who uses the nickname “The Shadow,” were indicted on conspiracy charges and multiple counts of aggravated identity theft.

According to allegations in the indictment, under the name “Syrian Electronic Army,” the conspirators focused on spearphishing U.S. government, military, international organizations, and private-sector entities, including the Executive Office of the President, the U.S. Marine Corps, the National Aeronautics and Space Administration, National Public Radio, the Associated Press, Reuters, The Washington Post, The New York Times, CNN, The Onion, USA Today, The New York Post, Time, Human Rights Watch, and scores of other entities and individuals. Agha and Dardar would research targets and then engage in dedicated spearphishing attacks on victim organizations. When the conspiracy’s spearphishing efforts were successful, Agha and Dardar allegedly would use stolen usernames and passwords to deface websites, redirect domains to sites controlled or utilized by the conspiracy, steal electronic mail, and hijack social media accounts.

The alleged offenses of conspiracy and conspiracy to commit wire fraud carry maximum prison terms of 5 and 20 years in prison, respectively, and the alleged aggravated identity theft charges carry a collective mandatory prison term of 2 years in prison and a maximum 18 years in prison. Actual sentences for federal crimes are typically less than the maximum penalties. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors.

Tracy Doherty-McCormick, Acting U.S. Attorney for the Eastern District of Virginia, John C. Demers, Assistant Attorney General for National Security, and Nancy McNamara, Assistant Director in Charge of the FBI’s Washington Field Office, made the announcement after the indictment was returned.

The case was investigated by the FBI’s Washington Field Office with assistance from other law enforcement agencies including the NASA Office of the Inspector General. Assistant U.S. Attorneys Jay V. Prabhu and Maya D. Song, and Trial Attorneys Scott McCulloch, Nathan Charles, and Brandon Van Grack of the Justice Department’s National Security Division are prosecuting the case.

A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia. Related court documents and information are located on the website of the District Court for the Eastern District of Virginia or on PACER by searching for Case No. 1:18-cr-221.

An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed to be innocent until and unless proven guilty in court.

SOURCE: U.S. Attorney’s Office, Eastern District of Virginia

May 16, 2018

Joseph Cox reports:

Last week, Motherboard reported that a vigilante hacker had stolen data from a hacking group that researchers say is a government-linked cyberespionage unit. The data included GPS locations, text messages, and phone calls that the group had taken from their own victims. Now, that hacker has seemingly published the stolen data online for anyone to download.

Read more on Motherboard.

May 14, 2018

Naven Goud reports:

Family Planning NSW (FPNSW), an organization looking into the reproductive and sexual health of the Australian populace, is said to have become a victim of ransomware on Anzac Day. Officials at the New South Wales based healthcare agency have confirmed that their database was hit by ransomware and information related to the customers who contacted the healthcare organization in the last two and a half years was locked from access.

Sources reporting to Cybersecurity Insiders said that the data of over 8000 customers who have contacted the agency and left feedback regarding the services could have been compromised in the potential data breach. But FPNSW authorities assured that no medical records were accessed in the breach.

Read more on Cybersecurity Insiders.

May 11, 2018

The Cerebral Palsy Research Foundation of Kansas, Inc. posted the following notice on its site about a breach. According to their report to HHS, the incident resulted in the notification of 8300 clients.

May 9, 2018

To CPRF Clients:

We are writing to notify CPRF clients of a privacy incident involving demographic data for those served from 2001-2010.

What happened?

On March 10, 2018, the CPRF team became aware that a previously used database containing client data was vulnerable for a period of 10 months. CPRF immediately re-secured the information and began the investigation and identification process. CPRF determined that, in the course of building a demographic database in early 2000, the information was stored on a secure sub-domain. This database was not identified during a recent change in servers at CPRF, which temporarily exposed the information before it was re-secured.

What information was involved?

The information could include personal identifiable information and personal health information regarding type of disability. If you were a CPRF client from 2001-2010, please call 855-789-0923 with any questions regarding what type of information was exposed on an individual level. No client financial information or donor information was affected.

What we are doing?

Once we became aware of the situation, we immediately re-secured the information and took the necessary steps to determine the scope and nature of the information in order to send notification letters to those affected.

As a result of this incident, CPRF conducted a thorough audit of all other sub-domains and detected no further vulnerabilities. We also reinforced our policies and procedures related to data security and employee transitions, and we are in the process of hiring a third-party consultant to perform routine vulnerability and penetration evaluations.

What you can do?

All CPRF clients who were affected by this incident should sign up for the free, one-year credit monitoring and identity protection services offered. A website and personal activation code were included in the client notification letter. If you did not receive a letter, but were a CPRF client from 2001-2010, call 855-789-0923 to determine if you were affected. If so, we encourage you to use the credit monitoring and identity protection services.

Other ways to protect against harm:

    • Call the toll-free numbers of one of the three major credit bureaus to place a fraud alert on your credit report. This can help prevent identity theft by preventing new accounts from being opened in your name.
      • Equifax 1-800-525-6285 (P.O. Box 740241, Atlanta GA 30374-0241)
      • Experian 1-888-397-3742 (P.O. Box 9532, Allen, TX 75013)
      • TransUnion 1-800-680-7289 (Attn: Fraud Victims Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790)
    • Monitor your credit reports. Examine your reports closely for activity that you have not initiated.
    • Monitor your banking and credit card statements closely for activity that you have not initiated.
    • Visit the Federal Trade Commission Identity Theft website for information on protecting yourself from identity theft. (to Quick Finder and click on Identity Theft).

For more information

For more information, call 855-789-0923.


Patrick T. Jonas
CPRF President & CEO