Computer Security

Subterms

    Latest story

    138 Shares18 Views

    Musk Team’s Treasury Access Raises Security Fears, Despite Judge’s Ordered Halt

    by

    A federal judge’s order that Elon Musk’s team temporarily cease boring into the Treasury Department’s payment systems raises a far larger question: whether what Elon Musk has labeled the Department of Government Efficiency is creating a major cyber and national security vulnerability.The activities of Mr. Musk’s government cost-cutting effort, U.S. District Judge Paul A. Engelmayer said in his order on Saturday, risk “the disclosure of sensitive and confidential information” and render the Treasury’s systems “more vulnerable than before to hacking.”It is a risk that cybersecurity experts have been sounding alarms over in the past 10 days, as Mr. Musk’s band of young coders demanded access to the Treasury’s innermost systems. That access was ultimately granted by Scott Bessent, the newly confirmed Treasury secretary.But other than vague assurances that the new arrivals at the Treasury’s door had proper clearances, there was no description of how their work would be secured — and plenty of reason to believe that it would make it easier for Chinese and Russian intelligence services to target the Treasury’s systems.That was the central argument made by 19 attorneys general as they sought a temporary restraining order to get Mr. Musk’s workers out of the Treasury systems. And Judge Engelmayer endorsed it on Saturday, limiting access to existing Treasury officials until a hearing next week in front of a different federal judge.The government has maintained that Mr. Musk’s team has been limited to reviewing “read-only” data in the Treasury Department’s systems, though the administration is now placing appointees in positions where they could do much more.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    More stories

    • 163 Shares159 Views

      in Elections

      Partial Breach of Election Machine Passwords in Colorado Poses No Risk, State Says

      by

      Partial passwords for election machines that were accidentally leaked on the Colorado secretary of state’s website pose no threat to the system’s security, the secretary’s office said in a statement on Tuesday night.The passwords, which were exposed on a hidden tab in a spreadsheet online, were first revealed in a letter by Hope Scheppelman, the vice chair of the Colorado Republican Party. The passwords became visible when a user downloaded a voting systems inventory spreadsheet and clicked “unhide.”According to an affidavit that accompanied Ms. Scheppelman’s letter, the passwords had been exposed since at least August.But while the breach of password data is likely to erode confidence and invite disinformation in Colorado, there are multiple layers of security to protect the integrity of election machines in the state.Election machines are not connected to the internet, and they are required to be kept in secure rooms that require ID badges for entry. They also have “24/7 video camera recording on all election equipment,” according to the secretary of state’s office.Even if a person were to somehow gain access to a machine, the passwords revealed would not be sufficient.“There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties,” Jack Todd, a spokesman for the Colorado secretary of state, Jena Griswold, said in a statement. “Passwords can only be used with physical in-person access to a voting system.”The statement also said the exposure would not affect how ballots are counted.The department contacted the Cybersecurity and Infrastructure Security Agency in the Department of Homeland Security, whose officials told the office that they would monitor the situation.A representative for the Department of Homeland Security did not respond to a request for comment on Tuesday night.Chris Krebs, the former director of the security agency, said the breach of passwords “highlights the critical importance of the various compensating controls in place that protect our nation’s election systems.”“While this is an extremely unfortunate leak that may serve to undermine confidence in some circles and feed into conspiracy theories in others, it nonetheless has negligible if any technical impact on Colorado’s systems,” Mr. Krebs added.The breach of password data resonates in Colorado, a state where Tina Peters, an election official from Mesa County, concocted a brazen and bizarre breach of election machines after the 2020 election.She was recently sentenced to nine years in federal prison for her scheme. More

    • 150 Shares179 Views

      in Elections

      Commuters See ‘Islamophobic’ Message in Cyber Attack on Public Wi-Fi, Authorities Say

      by

      The British authorities are investigating after commuters at 19 train stations saw an Islamophobic message when they tried to log on to a public Wi-Fi system.The British authorities are investigating a cyberattack on Wednesday that they said displayed an anti-Muslim message on a public Wi-Fi system serving more than a dozen train stations around the country.Commuters who connected to a Wi-Fi service at stations for Network Rail, Britain’s national rail operator, were met with “Islamophobic messaging,” according to the British Transport Police, who oversee law enforcement on British rail networks. The police said they had received reports of the cyberattack just after 5 p.m. local time, and that they were leading an investigation into the incident. The service was quickly taken down, Network Rail said, and would remain down until security checks were completed.The issue emerged at 19 stations across Britain, including major transportation hubs in London, Edinburgh, Glasgow, Bristol and other cities, a spokesman for Network Rail said in a statement.Commuters attempting to log onto Wi-Fi at the stations were met with a webpage that said “We love you, Europe,” along with information related to terror attacks in Europe, The Manchester Evening News reported.The Wi-Fi was a “click-and-connect” service that did not collect any personal data and was operated by a third-party company, Telent, Network Rail’s statement said.Telent, a technology and communications company, on Thursday pointed to Global Reach, a provider that ran the Wi-Fi service’s landing page. Telent said in a statement that it had found that an “unauthorized change was made to the Network Rail landing page from a legitimate Global Reach administrator account.”British Transport Police were investigating the matter as a criminal case, Telent said, and no personal data was affected by the incident. But, as a precaution, it said, it had temporarily suspended all use of Global Reach services to confirm that none of its other customers had been impacted.Global Reach did not immediately respond to requests for comment on Thursday.Britain’s crime and cybersecurity agencies were also helping with the investigation, the Transport Police said on Thursday.The disruption follows another “cybersecurity incident” on Sept. 1 that targeted Transport for London, the agency that runs the city’s public transit network, in which hackers accessed the contact details of the agency’s customers, and potentially could view bank account details for some commuters. The cyberattack also affected the broadcasting of live train schedules online and payment systems.A 17-year-old was arrested in Walsall, a town in the West Midlands county of England, as part of the investigation into that attack, cybercrime authorities said this month. More

    • 188 Shares169 Views

      in Elections

      Man Who U.S. Says Faked Death to Avoid Child Support Gets 81 Months in Prison

      by

      The man, Jesse Kipf, hacked into state death registry systems to fake his own death in part to avoid paying more than $100,000 in child support, federal prosecutors said.A Kentucky man who prosecutors say hacked into state death registry systems to fake his own death — in part to avoid paying more than $100,000 in child support — was sentenced on Monday to 81 months in federal prison, the authorities said.According to federal prosecutors, the man, Jesse Kipf, 39, of Somerset, Ky., hacked into the Hawaii Death Registry System in January 2023 with the username and password of a doctor living in another state to create and certify his own death certificate.“This resulted in Kipf being registered as a deceased person in many government databases,” the U.S. Attorney’s Office for the Eastern District of Kentucky said in a news release on Tuesday. “Kipf admitted that he faked his own death, in part, to avoid his outstanding child support obligations.”In an arrangement with prosecutors, Mr. Kipf pleaded guilty in April to one count of computer fraud and one count of aggravated identity theft. Under the deal, other charges against him were dropped.Prosecutors, who cited Mr. Kipf’s criminal history, recommended a sentence of 84 months in prison, while his lawyer recommended 72 months. Both sides agreed that Mr. Kipf should pay $195,758.65 to cover child support he had failed to pay as well as damages related to government and corporate computer systems.Mr. Kipf, who was born in Hawaii, was divorced in 2008 in California and owed more than $116,000 in child support obligations to his daughter and her mother, according to court documents.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 150 Shares199 Views

      in Elections

      Trump Campaign Says It Was Hacked by Iranians, but Details Are Murky

      by

      For the third presidential election in a row, the foreign hacking of the campaigns has begun in earnest. But this time, it’s the Iranians, not the Russians, making the first significant move.On Friday, Microsoft released a report declaring that a hacking group run by the intelligence unit of Iran’s Islamic Revolutionary Guard Corps had successfully breached the account of a “former senior adviser” to a presidential campaign. From that account, Microsoft said, the group sent fake email messages, known as “spear phishing,” to “a high-ranking official of a presidential campaign” in an effort to break into the campaign’s own accounts and databases.By Saturday night, former President Donald J. Trump was declaring that Microsoft had informed his campaign “that one of our many websites was hacked by the Iranian Government — Never a nice thing to do!” but that the hackers had obtained only “publicly available information.” He attributed it all to what he called, in his signature selective capitalization, a “Weak and Ineffective” Biden administration.The facts were murkier, and it is unclear what, if anything, the Iranian group, which Microsoft called Mint Sandstorm, was able to achieve.Mr. Trump’s campaign was already blaming “foreign sources hostile to the United States” for a leak of internal documents that Politico reported on Saturday that it had received, though it is unclear whether those documents indeed emerged from the Iranian efforts or were part of an unrelated leak from inside the campaign.The New York Times received what appears to be a similar if not identical trove of data from an anonymous tipster purporting to be the same person who emailed the documents to Politico.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 163 Shares169 Views

      in Elections

      Scams Tied to the CrowdStrike Crash Have Bloomed. Here’s How to Stay Safe

      by

      People posing as airline customer service representatives may be making fraudulent attempts to access your money or private data, experts warn.In the hours after the American cybersecurity firm CrowdStrike deployed a flawed software update that crippled critical businesses and services around the world, scammers pounced.Government agencies and businesses have warned that the panic caused by the CrowdStrike crash on Friday has given criminals an opening to take advantage of customers who are looking to reschedule flights, access banking information or fix their technology.Here are some ways to guard against the fraudulent schemes.Scammers see an opportunity.CrowdStrike provides cybersecurity for some 70 percent of Fortune 100 companies, so the crash led to widespread failures that grounded planes, crippled businesses, disrupted 911 emergency systems and delayed banking transactions.Thieves online are using the confusion to carry out a variety of scams, including phishing attempts, the U.S. Cybersecurity and Infrastructure Security Agency said. The National Cyber Security Center in the United Kingdom issued a similar statement noting that an “increase in phishing referencing this outage has already been observed.”Scammers may look to get your money immediately by offering a product like a bogus plane ticket. But they could also be after personal identifying data that would allow them to access your finances in the future.What industries are being targeted?Because grounded planes caused frustrated customers to look to reschedule their flights, travel has been particularly subject to schemers, said Anton Dahbura, the executive director of the Information Security Institute at Johns Hopkins University.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 88 Shares99 Views

      in Elections

      Counting the Costs of the Microsoft-CrowdStrike Outage

      by

      A “historic” tech failure alarmed investors, after a security update caused problems for Microsoft devices and services, and took down businesses worldwide.A major IT outage involving Microsoft and CrowdStrike has caused major delays at airports around the world.Clemens Bilan/EPA, via ShutterstockThe glitch felt around the world Grounded flights, emergency services unreachable, payment systems not functioning — the world is assessing the damage caused by a cascade of IT outages that is spooking investors and grinding many businesses and government services to a halt.“This outage is historic in scale,” Mikko Hypponen, a research specialist at the software company WithSecure and a cybercrime adviser to Europol, told DealBook.The problem is being attributed to a tech upgrade gone wrong. All eyes are on CrowdStrike, the cybersecurity company. It issued a software update that is causing Microsoft systems, including its Azure cloud service, to crash or not function properly. George Kurtz, the C.E.O. of CrowdStrike, said on X that a fix is being deployed, adding it’s “not a security incident or cyberattack.”Here’s the latest: American, United and Delta had grounded flights, according to the F.A.A. Airlines in Europe and Asia, including Air France-KLM and Japan Airlines, also had reported delays or cancellations. Some had reported a partial return to service.Long queues of airline passengers could be seen at airports around the world, with some resorting to manual check-in. In France, the television networks TF1 and Canal+ told the public on X that they could not go on the air on Friday morning. Comcast’s Sky News in the U.K. also went dark for a spell.The incident points to how reliant the global economy is on a handful of major tech companies to run vital infrastructure. CrowdStrike, a major cybersecurity vendor, is taking the brunt of the hit. Its stock was down nearly 12 percent in premarket trading. Microsoft was down about 1.4 percent, and also said a resolution was forthcoming.Security has become a big focus in the cloud wars. Google is trying to bolster its cloud operations with an eye on cybersecurity. The company is in talks to buy Wiz, a New York-based cybersecurity firm, in what would be its biggest acquisition ever, and an effort to take market share from Microsoft.Expect tough questions about the business world’s computing systems. Financial regulators in the U.K. have already begun speaking with financial services companies to learn the extent of the damage on banks and payment companies, The Financial Times reports.In other IT news: A U.S. judge dismissed most claims against SolarWinds, an IT security company, and its chief information security officer; the S.E.C. had sued the company after it was hacked by Russian agents in 2020.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 125 Shares119 Views

      in Elections

      Google Close to Its Biggest Acquisition Ever, Despite Antitrust Scrutiny

      by

      The search giant’s negotiations to buy Wiz, a cybersecurity start-up, for $23 billion, come as the Biden administration has taken a hard line against consolidation in tech and other industries.Google, which became one of the world’s the most valuable companies through its search engine and other consumer internet services, is nearing its largest-ever acquisition to improve what it can offer to business customers.Google is in talks to buy Wiz, a New York-based cybersecurity start-up, according to three people with knowledge of the discussions, who were not authorized to discuss them. Wiz was last valued at $12 billion.The companies have valued the deal at roughly $23 billion, said one of the people, easily making it Google’s most expensive acquisition and nearly double what the company paid for Motorola Mobility in 2012.While a deal looks likely, talks could still fall apart, the people said.Google and Wiz did not respond to requests for comment. The Wall Street Journal earlier reported that the companies were discussing a deal.Google has moved forward with negotiations despite the possibility that regulators might try to block the deal. But the company may be willing to fight to beef up its cloud-computing division, which lags behind Amazon Web Services and Microsoft Azure.Google was sued by the Justice Department in two separate antitrust cases, one targeting its ubiquitous search engine and another seeking to break up its digital advertising-technology business. A verdict in the search case is expected this summer.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 163 Shares129 Views

      in Elections

      Are You an AT&T Customer? Here’s What to Know About the Data Breach

      by

      Nearly all AT&T customers were affected by a recent cyberattack.Nearly all customers of the telecommunications company AT&T were affected by a cyberattack that exposed phone records of calls and texts from May 2022 through October 2022, and on Jan. 2, 2023, the company said Friday.Although the company said the breach did not expose the contents of calls or texts or information such as Social Security numbers, passwords or other personally identifiable information, the information that was exposed can still threaten customers’ security.If you are an AT&T customer, here is what you need to know about the breach.How do I know if my records were exposed?AT&T will contact you by text, email or U.S. mail if your account was affected by the cyberattack, the company said.But AT&T also said that “nearly all” customers had been affected by the breach. So if you were a customer from May 1, 2022, to Oct. 31, 2022, or on Jan. 2, 2023, your phone logs were most likely exposed.What was exposed?The phone numbers that you texted and called, as well as how frequently you interacted with them, were exposed by the breach, the company said.Customers’ personal details, such as Social Security numbers and dates of birth, were not exposed. Nor were the contents of the calls and texts. Although customers’ names were not exposed by the breach, “there are often ways to find a name associated with a phone number using publicly available online tools,” AT&T said.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More