More stories

  • in

    Ex-Disney Worker Who Hacked Menus Gets 3 Years in Prison

    The fired employee admitted that he changed prices, added profanity, and altered menu items so they appeared to be free of certain allergens.A former employee of Walt Disney World who hacked into menus used by its restaurants and edited them — changing prices, adding profanity and altering listed allergens — was sentenced to three years in prison by a federal judge in Florida this week.None of the changes, including falsified information about food allergens that could have been harmful to visitors, ever appeared before the public, according to court records. The menu alterations were caught and court records show that none of the changes ever reached the printing stage.The former employee, Michael Scheuer of Winter Garden, Fla., was sentenced on Wednesday in federal court in Orlando, Fla., after pleading guilty in January to one count of computer fraud and one count of aggravated identity theft.Mr. Scheuer, 40, was ordered to pay restitution of about $620,000 to Disney and $70,000 to the unidentified software company that provides Disney with its menu creation program.While court documents do not mention Disney World, menus that were entered into evidence in Mr. Scheuer’s case are from the hundreds of restaurants at Walt Disney World in Orlando.Disney World representatives did not respond to messages seeking comment.In early June 2024, Mr. Scheuer had returned from paternity leave, court documents show. A few days later, he had an argument with a supervisor about menu creation, according to the documents, and he was told that he would be suspended.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

  • in

    Firing of National Security Agency Chief Rattles Lawmakers

    As soon as word spread that President Trump had fired Gen. Timothy D. Haugh, the head of the National Security Agency and U.S. Cyber Command, current and former administration officials began floating theories about why he had been let go.Had General Haugh opposed one of Mr. Trump’s initiatives, perhaps moved too slowly on purging officers who had worked on diversity issues? Or was he a casualty of the administration’s shifting priorities to counter narcotics?Whether any of that was true, it had little, if anything, to do with why he was fired.General Haugh was ousted because Laura Loomer, a far-right wing conspiracy theorist and Trump adviser, had accused him and his deputy of disloyalty, according to U.S. officials and Ms. Loomer’s social media post early Friday. He was one of several national security officials fired this past week on her advice.“I predict you are going to see some nonsense statement about some policy difference or something General Haugh wasn’t doing, but we all know what happened,” said Senator Angus King, a Maine independent who is on the intelligence and armed services committees. “Laura Loomer said it. She is the one who told Trump to fire him.”Senator Mitch McConnell, the Kentucky Republican and former majority leader, lamented that the Trump White House had ousted General Haugh and was appointing people to Pentagon posts who were skeptical of America’s engagement with allies and the world.“If decades of experience in uniform isn’t enough to lead the N.S.A. but amateur isolationists can hold senior policy jobs at the Pentagon, then what exactly are the criteria for working on this administration’s national security staff?” Mr. McConnell said. “I can’t figure it out.”We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

  • in

    Musk Team’s Treasury Access Raises Security Fears, Despite Judge’s Ordered Halt

    A federal judge’s order that Elon Musk’s team temporarily cease boring into the Treasury Department’s payment systems raises a far larger question: whether what Elon Musk has labeled the Department of Government Efficiency is creating a major cyber and national security vulnerability.The activities of Mr. Musk’s government cost-cutting effort, U.S. District Judge Paul A. Engelmayer said in his order on Saturday, risk “the disclosure of sensitive and confidential information” and render the Treasury’s systems “more vulnerable than before to hacking.”It is a risk that cybersecurity experts have been sounding alarms over in the past 10 days, as Mr. Musk’s band of young coders demanded access to the Treasury’s innermost systems. That access was ultimately granted by Scott Bessent, the newly confirmed Treasury secretary.But other than vague assurances that the new arrivals at the Treasury’s door had proper clearances, there was no description of how their work would be secured — and plenty of reason to believe that it would make it easier for Chinese and Russian intelligence services to target the Treasury’s systems.That was the central argument made by 19 attorneys general as they sought a temporary restraining order to get Mr. Musk’s workers out of the Treasury systems. And Judge Engelmayer endorsed it on Saturday, limiting access to existing Treasury officials until a hearing next week in front of a different federal judge.The government has maintained that Mr. Musk’s team has been limited to reviewing “read-only” data in the Treasury Department’s systems, though the administration is now placing appointees in positions where they could do much more.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

  • in

    China’s Hacking Reached Deep Into U.S. Telecoms

    The chairman of the Senate Intelligence Committee said hackers listened to phone calls and read texts by exploiting aging equipment and seams in the networks that connect systems.China’s recent breach of the innermost workings of the U.S. telecommunications system reached far deeper than the Biden administration has described, the chairman of the Senate Intelligence Committee said on Thursday, with hackers able to listen in on telephone conversations and read text messages.“The barn door is still wide open, or mostly open,” the Democratic chairman, Senator Mark Warner of Virginia, a former telecommunications executive, said in an interview on Thursday.Mr. Warner said he had been stunned by the scope and depth of the breach, which was engineered over the past year by a group linked to Chinese intelligence that has been named Salt Typhoon by Microsoft, whose cybersecurity team discovered the hack in the summer. Government officials have been struggling to understand what China obtained and how it might have been able to monitor conversations held by a number of well-connected Americans, including President-elect Donald J. Trump and Vice President-elect JD Vance.At first, the F.B.I. and other investigators believed that China’s hackers used stolen passwords to focus mostly on the system that taps telephone conversations and texts under court orders. It is administered by a number of the nation’s telecommunications firms, including the three largest — Verizon, AT&T and T-Mobile. But in recent days, investigators have discovered how deeply China’s hackers had moved throughout the country by exploiting aging equipment and seams in the networks connecting disparate systems.U.S. officials said that since the hack was exposed, the Chinese intruders had seemingly disappeared, suspending their intrusion so their full activity could not be discovered. But Mr. Warner said it would be wrong to conclude that the Chinese had been ousted from the nation’s telecommunications system, or that investigators even understood how deeply they were embedded.“We’ve not found everywhere they are,” Mr. Warner said.The committee has received briefings from the government on the hack, and Mr. Warner has had conversations with telecommunications executives.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

  • in

    Georgia secretary of state fends off cyberattack targeting absentee ballot website.

    Georgia’s secretary of state warded off a cybersecurity threat this month against what was most likely an attack by a foreign country targeting its website that voters can use to request absentee ballots.An unusual spike in users on the site appeared to be an attempt to shut it down. There were ultimately no disruptions to absentee ballot access. State and local election officials have faced increasing threats, both to their operations and physical safety, that have made the otherwise mundane, bureaucratic work of election management increasingly risky.The secretary of state’s office thwarted a sudden rise in users trying to access the site on Oct. 14, a tactic sometimes used by hackers to send a website offline by overwhelming it with requests, WSB-TV, a broadcaster in Atlanta, reported. A spokesman for the Georgia secretary of state confirmed this reporting.“We saw a spike of around 420,000 individual entities attempting to access the absentee ballot portal,” Gabe Sterling, an official in the secretary of state’s office, told WSB-TV. “We identified it and attempted to mitigate it immediately, and you see it start to drop back down.”Mr. Sterling also said that the attack may have come from a foreign country, although details were not clear.This is not the first cybersecurity threat Georgia election officials have faced. In 2022, a group of allies to former President Donald J. Trump tried to access voter data in Coffee County. The county also faced its own cybersecurity attack this year, according to CNN. Poll workers have faced threats of violence around the country. More

  • in

    Commuters See ‘Islamophobic’ Message in Cyber Attack on Public Wi-Fi, Authorities Say

    The British authorities are investigating after commuters at 19 train stations saw an Islamophobic message when they tried to log on to a public Wi-Fi system.The British authorities are investigating a cyberattack on Wednesday that they said displayed an anti-Muslim message on a public Wi-Fi system serving more than a dozen train stations around the country.Commuters who connected to a Wi-Fi service at stations for Network Rail, Britain’s national rail operator, were met with “Islamophobic messaging,” according to the British Transport Police, who oversee law enforcement on British rail networks. The police said they had received reports of the cyberattack just after 5 p.m. local time, and that they were leading an investigation into the incident. The service was quickly taken down, Network Rail said, and would remain down until security checks were completed.The issue emerged at 19 stations across Britain, including major transportation hubs in London, Edinburgh, Glasgow, Bristol and other cities, a spokesman for Network Rail said in a statement.Commuters attempting to log onto Wi-Fi at the stations were met with a webpage that said “We love you, Europe,” along with information related to terror attacks in Europe, The Manchester Evening News reported.The Wi-Fi was a “click-and-connect” service that did not collect any personal data and was operated by a third-party company, Telent, Network Rail’s statement said.Telent, a technology and communications company, on Thursday pointed to Global Reach, a provider that ran the Wi-Fi service’s landing page. Telent said in a statement that it had found that an “unauthorized change was made to the Network Rail landing page from a legitimate Global Reach administrator account.”British Transport Police were investigating the matter as a criminal case, Telent said, and no personal data was affected by the incident. But, as a precaution, it said, it had temporarily suspended all use of Global Reach services to confirm that none of its other customers had been impacted.Global Reach did not immediately respond to requests for comment on Thursday.Britain’s crime and cybersecurity agencies were also helping with the investigation, the Transport Police said on Thursday.The disruption follows another “cybersecurity incident” on Sept. 1 that targeted Transport for London, the agency that runs the city’s public transit network, in which hackers accessed the contact details of the agency’s customers, and potentially could view bank account details for some commuters. The cyberattack also affected the broadcasting of live train schedules online and payment systems.A 17-year-old was arrested in Walsall, a town in the West Midlands county of England, as part of the investigation into that attack, cybercrime authorities said this month. More

  • in

    After CrowdStrike Causes Outage, Are U.S. Networks Safe?

    With each cascade of digital disaster, new vulnerabilities emerge. The latest chaos wasn’t caused by an adversary, but it provided a road map of American vulnerabilities at a critical moment.In the worst-case scenarios that the Biden administration has quietly simulated over the past year or so, Russian hackers working on behalf of Vladimir V. Putin bring down hospital systems across the United States. In others, China’s military hackers trigger chaos, shutting down water systems and electric grids to distract Americans from an invasion of Taiwan.As it turned out, none of those grim situations caused Friday’s national digital meltdown. It was, by all appearances, purely human error — a few bad keystrokes that demonstrated the fragility of a vast set of interconnected networks in which one mistake can cause a cascade of unintended consequences. Since no one really understands what is connected to what, it is no surprise that such episodes keep happening, each incident just a few degrees different from the last.Among Washington’s cyberwarriors, the first reaction on Friday morning was relief that this wasn’t a nation-state attack. For two years now, the White House, the Pentagon and the nation’s cyberdefenders have been trying to come to terms with “Volt Typhoon,” a particularly elusive form of malware that China has put into American critical infrastructure. It is hard to find, even harder to evict from vital computer networks and designed to sow far greater fear and chaos than the country saw on Friday.Yet as the “blue screen of death” popped up from the operating rooms of Massachusetts General Hospital to the airline management systems that keep planes flying, America got another reminder of the halting progress of “cyber resilience.” It was a particularly bitter discovery then that a flawed update to a trusted tool in that effort — CrowdStrike’s software to find and neutralize cyberattacks — was the cause of the problem, not the savior.Only in recent years has the United States gotten serious about the problem. Government partnerships with private industry were put together to share lessons. The F.B.I. and the National Security Agency, along with the Cybersecurity and Infrastructure Security Agency at the Homeland Security Department, issue bulletins outlining vulnerabilities or blowing the whistle on hackers.President Biden even created a Cyber Safety Review Board that looks at major incidents. It is modeled on the National Transportation Safety Board, which reviews airplane and train accidents, among other disasters, and publishes “lessons learned.”We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

  • in

    Are You an AT&T Customer? Here’s What to Know About the Data Breach

    Nearly all AT&T customers were affected by a recent cyberattack.Nearly all customers of the telecommunications company AT&T were affected by a cyberattack that exposed phone records of calls and texts from May 2022 through October 2022, and on Jan. 2, 2023, the company said Friday.Although the company said the breach did not expose the contents of calls or texts or information such as Social Security numbers, passwords or other personally identifiable information, the information that was exposed can still threaten customers’ security.If you are an AT&T customer, here is what you need to know about the breach.How do I know if my records were exposed?AT&T will contact you by text, email or U.S. mail if your account was affected by the cyberattack, the company said.But AT&T also said that “nearly all” customers had been affected by the breach. So if you were a customer from May 1, 2022, to Oct. 31, 2022, or on Jan. 2, 2023, your phone logs were most likely exposed.What was exposed?The phone numbers that you texted and called, as well as how frequently you interacted with them, were exposed by the breach, the company said.Customers’ personal details, such as Social Security numbers and dates of birth, were not exposed. Nor were the contents of the calls and texts. Although customers’ names were not exposed by the breach, “there are often ways to find a name associated with a phone number using publicly available online tools,” AT&T said.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More