ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.42.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Anonymous hacks NSA's Bluffdale facility (Henry Baker)
'Apple Offers to Buy CryptoWall for $10 Billion' (Henry Baker)
Apple Agrees to DoJ Encryption Demands (Mark Thorson)
Apple, FBI reach historic public key escrow agreement (Henry Baker)
Advances in Autonomous Burgerdom? (PGN)
Re: Pentagon skips tests on key component of U.S.-based missile defense
system (Fred Cohen)
Heating up deep sea water to reduce global warming (Fred Cohen)
1,418 remotely exploitable flaws found in automated medical supply system
(Darlene Storm via Drew Dean)
2000 tons of nuclear materials `just aren't secure as they need be' (Al Mac)
How to Hack an Election (Bloomberg)
Tech titans release new email security standard (Michelle Goodman via DH)
CNBC passwords, mother board (boingboing)
The Apple-FBI Battle Is Over, But the Crypto Wars Have Just Begun (WiReD)
Should hackers help the FBI? (NYTimes)
Hackers Seek Ransom From Two More California Hospitals (Chad Terhune)
Smooth Criminal: Meet USB Thief, Malware That Can Attack Systems Without
Leaving Any Trace (Santiago Tiongco)
More background on the MedStar fiasco (Al Mac)
Why Ransomware loves Hospitals (Al Mac)
Re: Bangladesh bank heist to Philippines to Chinese (sundry sources via Al Mac)
Stefan Savage receives RISKS-relevant award (ACM/Infosys Foundation)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Fri, 1 Apr 2016 00:51:00 -0700
From: Henry Baker <hba...@pipeline.com>
Subject: Anonymous hacks NSA's Bluffdale facility
FYI -- This just in...
Bluffdale, UT -- April 1, 2016 -- Hacker cooperative Anonymous today
announced that they have successfully hacked the NSA's massive Bluffdale,
UT, data storage complex and encrypted all of its petabytes of data with
ransomware.
According to an Anonymous spokesperson 'sneaker', 'This is the largest
encryption operation ever attempted, and the Salt Lake City lights dimmed
measurably throughout the computationally intensive process.'
Anonymous continued, 'We are not holding this data hostage nor are we asking
for any Bitcoins. We will leave the decryption keys to this data under the
front doormat of a U.S. government facility somewhere in the world.'
An NSA spokeswoman said that she 'could neither confirm nor deny' the
Anonymous claims, but she did admit that whenever snow fell on the Bluffdale
facility, it immediately melted.
Anonymous was able to hack into the Bluffdale facility via a simple e-mail
phishing attack that promised cheats, mods and hacks of the Minecraft video
game.
A retired DoD official 'close to the NSA' said that it took an entire year
for Anonymous to encrypt all these petabytes of data, but NSA hadn't noticed
because the Bluffdale stores only internationally intercepted data, which
NSA seldom -- if ever -- examines.
Story developing...
------------------------------
Date: Fri, 1 Apr 2016 00:12:21 -0700
From: Henry Baker <hba...@pipeline.com>
Subject: 'Apple Offers to Buy CryptoWall for $10 Billion'
'Apple Offers to Buy CryptoWall for $10 Billion'
'Plans to dominate the burgeoning data protection market'
One Infinite Loop, Cupertino, CA -- April 1, 2016 -- Apple Computer today
announced its plan to purchase the data protection business CryptoWall for
$10 billion. The deal is expected to close before the end of 2016 after
securing the approval of regulators.
Apple CEO Tim Cook laid out the rationale for the purchase: 'Apple Computer
has always insisted upon the privacy and security of its customers. We were
the first to incorporate default full-disk encryption, and CryptoWall is
the obvious next step in protecting our customers' data confidentiality.'
'CryptoWall's product is in daily use by government agencies, businesses,
and ordinary citizens; they have the best name recognition and brand image
in the
We have to thank FBI Director Jim Comey for continuing to insist upon
thinking out of the box; he thought all along that the tekkies in Silicon
Valley would eventually be able to come up with an equitable solution for
all parties. We and the FBI have been working around the clock for the past
several months and this cooperation has finally paid off.'
'We at Apple have agreed to put all of our customers' public keys into an
escrow database managed by the FBI. When a court so orders, the FBI can
search this database and produce any particular customer's public key,' said
Apple CEO Tim Cook.
FBI's Jim Comey enthusiastically supports the new key-escrow system. 'Back
in the '90's, there were many key escrow suggestions that just couldn't be
made to work. But this new key-escrow system -- which I named 'public key
escrow' -- is an idea whose time has finally arrived.'
MIT Professor Ronald Rivest -- the 'R' in the 'RSA' public-key cryptographic
system devised in the 1970's -- said 'The idea of putting the public key
into an escrowed database managed by a trusted third party never occurred to
any of the three of us during the past 40 years.' Rivest continued, 'Now
that this 'public key escrow' idea is out there, I can see other potential
applications -- such as hiding one's public key under his own front
doormat.'
Whit Diffie -- one of the inventors of the Diffie-Hellman exchange so
critical to e-commerce today -- praised the innovative thinking behind the
public key escrow system, 'It's nice to see that both Apple and the FBI will
be able to save face and claim victory here; this is a win-win solution for
everyone.'
Apple's Cook added, 'We believe we can trust the FBI with our users' public
keys; after all, our country has trusted the FBI with so many citizens'
private data ever since its founding by J. Edgar Hoover in 1924. Apple is
also pleased that the FBI has stepped up to operate this 'public key escrow'
database; the Internet industry has had trouble coming up with a business
model to support this activity.'
[I simply don't know how all of these four items could all appear in the
same issue, even though it is 1 April 2016! PGN]
------------------------------
Date: Fri, 1 Apr 2016 01:23:58 PDT
From: 'Peter G. Neumann' <neu...@csl.sri.com>
Subject: Advances in Autonomous Burgerdom?
In-and-Out Burger is reportedly contemplating some experimental
installations involving completely automated operations at selected
locations around the U.S. The concept does away with local managers,
counter personnel, cooks, clean-up staff, and other employees, and would use
advanced robotics. It could vastly increase the potential size of their
so-called Secret Menu [*] -- permitting selections from among your own
individualized computer-stored customer profiles, specifying your favorite
alternative combinations of ingredients to which you can give your own
creative names (rather than having locally famous people's names). Their
automation is expected to greatly reduce operational costs, while enabling
the company to guarantee that no jobs would be shipped off-shore. Employees
having to pay taxes on tips would be avoided completely. The company press
release indicates they will use secure computing to hinder surveillance by
governments and competitors, while keeping your own preferences private.
However, based on your past orders, they may suggest that you might be
interested in emerging new options -- based on your historical profile. For
example, they might offer mathematicians items such as the Fibonacci Burger,
which is expected to grow on you organically. Ethereum will be a favored
unconventional currency, because of its Turing-complete smart contracts.
Real-time individualized anomaly detection will ensure both quality and
safety of delivered and served food and beverages. I&OB's Corporate
executives and their techies appear to be on the cutting edge of
personalized burgerdom, well aware of recent advances in both artificial
intelligence and security that could greatly increase both efficiency and
security. Financial backers may see this as a harbinger for a new wave of
completely automated restaurants -- although problems might arise such as
when the just-in-time food supplies do not arrive just-in-time, or when your
steak is overcooked. Progress in restaurant automation could also be spun
off into the Internet of Things, exploiting experience gained in robotic
service and maintenance.
* Secret? Perhaps it uses Hambermorphic Encryption? PGN
------------------------------
Date: Sat, 19 Mar 2016 06:24:14 -0700
From: Fred Cohen <f...@all.net>
Subject: Re: Pentagon skips tests on key component of U.S.-based missile
defense system (Willman, RISKS-29.36)
[Peter, Even though my response is in fact rational, it belongs in the
April 1 issue.]
Assuming the facts are correct as stated (which they rarely are), this
sounds as if at least two people should go to jail, and likely many more as
co-conspirators.
For the workers in the US government, in particular the military, it's
called treason, and since we are at war with ISIS, I believe the penalty is
death. Military tribunal is called for.
The lesser charge of fraud should be charged against the non-government
employees, and of course their companies should be debarred from further US
government work until the companies return all monies in excess of the
original bid and produce a working product. Note they should also have to
pay all late penalties associated with not delivering on time.
Fred Cohen - 925-454-0171 - All.Net & Affiliated Companies
http://all.net/ PO Box 811 Pebble Beach, CA 93953
------------------------------
Date: Sat, 19 Mar 2016 06:36:55 -0700
From: Fred Cohen <f...@all.net>
Subject: Heating up deep sea water to reduce global warming
[Re: Microsoft servers to bottom of ocean (I-HLS), RISKS-29.36. PGN]
Another true one for April 1:
A project currently being proposed will heat up deep sea water to reduce
global warming.
The project is intended to take the periodic cold water upsurges from the
Monterey Bay deep sea canyon and use them to cool a major datacenter to be
placed near the shore. The proponents state that the computers will then be
used to model the change in the ocean temperatures by those studying global
climate change. They will also provide the first ecologically sound major
data center in the central coast area, which will also support other
research and business development. Waste water from the plant will be used
to warm up pools used to help recovering sea mammals who get sick from
domoic acid (also associated with climate impacts of warmer sea
temperatures) -- which increases algae and accumulates in shellfish,
sardines, and anchovies. [For non-Californians, I note that domoic acid
essentially demolished (domolished?) the crab season, which was shut down
this year until just a few days ago. PGN]
On an unrelated [???] story, the recent collapse of shellfish populations in
the area is being addressed by a ban on fishing in protected fisheries in
the Monterey Bay area. The reason behind the collapse is unknown, but will
be studied by placing additional ultra-high-speed computing resources at the
planned Monterey Bay data center. The loss in shellfish is being replaced by
local restaurants by new sardine-based dishes.
------------------------------
Date: Thu, 31 Mar 2016 12:12:37 -0700
From: Drew Dean <dd...@csl.sri.com>
Subject: 1,418 remotely exploitable flaws found in automated medical supply
system (Darlene Storm)
Hard to believe, but that really is the headline. To the Pyxis' credit, they
appear to have handled the situation much better than most.
Darlene Storm, Computerworld, 30 Mar 2016
Excerpts:
Security researchers found 1,418 remotely exploitable flaws in CareFusion's
Pyxis SupplyStation medical dispensing system. 715 of those vulnerabilities
in ``automated supply cabinets used to dispense medical supplies'' have a
severity rating of high or critical.
The Pyxis SupplyStation system is a 'secure storage device' for medical
supplies that documents supply usage and interfaces with software to bill
the patient. The vulnerabilities can be exploited remotely and exploits for
targeting the flaws are publicly available, the ICS-CERT advisory
notes. Wait, it gets better as it apparently would not require a l33t [for
those behind the times, this refers to *leetspeak*, also known as *leet*,
*eleet*, and even 1337; PGN] hacker to exploit the medical system. ICS-CERT
noted, ``An attacker with low skill would be able to exploit many of these
vulnerabilities.'' ...
There are numerous Pyxis software versions affected (8.0, 8.1.3, 9.0, 9.1,
9.2 and 9.3) running on Server 2003 or XP, but since those versions are
running end-of-life software, “a patch will not be provided.” ...
Ahmadi first sent notification of the vulnerabilities to the FDA, he said,
which sent the report on to DHS ICS-CERT. While communicating with ICS-CERT
and CareFusion, Ahmadi said he was impressed that CareFusion – now BD – “did
not deny any of the vulnerabilities existed, and also offered up all
affected systems, voluntarily for use in the advisory.”
Ahmadi said it is important to note “that the issues are in the third-party
packages, which we have been preaching about for the last several years. Up
to 90% of the software used in development today is third-party.”
The 1,418 bugs are present in seven third-party software packages including
Microsoft Windows XP, Sybase SQL Anywhere 9, Symantec Antivirus 9 and
Symantec pcAnywhere 10.5.
CareFusion is attempting to contact affected customers and advising them to
upgrade. Otherwise, ICS-CERT has the list of CareFusion's suggested
mitigations for customers using legacy operating systems.
http://www.computerworld.com/article/3049361/security/1-418-remotely-exploitable-flaws-found-in-automated-medical-supply-system.html
Drew Dean, Computer Science Laboratory, SRI International
[Cave Con-em! PGN]
------------------------------
Date: Thu, 31 Mar 2016 15:43:08 -0500
From: 'Alister Wm Macintyre (Wow)' <macwh...@wowway.com>
Subject: 2000 tons of nuclear materials `just aren't secure as they need be'
2,000 tons of nuclear material may not be well secured.
http://www.emergencyemail.org/newsemergency/anmviewer.asp?a=5454
https://gwtoday.gwu.edu/nuclear-materials-just-aren't-secure-they-need-be'
http://www.defenseone.com/ideas/2016/03/all-too-human-reason-nuclear-material-isnt-secure-enough/126864/
There are lots of stories about missing nuclear material. The missing WMD
of Iraq, claimed in the 1st Gulf War, may have gone to Iran; or may have
been a false statement by a prisoner of torture, telling what he thinks the
torturers wanted to hear; or a false statement by anti-Saddam movement
thinking that will bring in the American rescuers.
https://fas.org/article/u-s-military-nuclear-material-unaccounted-missing-action-just-sloppy/
http://www.cnn.com/2016/02/29/americas/mexico-radioactive-device-missing/
https://www.washingtonpost.com/news/worldviews/wp/2013/12/06/this-alarming-map-shows-dozens-of-nuclear-materials-thefts-and-losses-every-year/
http://www.nti.org/analysis/articles/2012-nis-nuclear-trafficking/
What could go wrong?
Terrorists could deliver dirty bombs to disrupt commerce through busy ports,
canals, government and financial centers, and their usual mass attack sites.
One target might be the facilities they are constantly stealing the
materials from, if they begin to have competent security.
Criminals could announce that such a dirty bomb has been planted some place,
and in exchange for a large sum of money, they will reveal where it is, but
if they are not paid within a week, they will let it go off.
At nuclear power plants, where security is a joke, attackers could seize
them, like they have hijacked airliners, taken over hotels etc. In such an
attack, they might try to dynamite, or otherwise disrupt the concrete
basement which is designed to stop a melt down from exiting. Then they
would trigger a melt down accident on purpose.
Terrorists could work on making a real atomic bomb.
Arms smugglers may deliver more enriched uranium to Iran, North Korea, and
other nations not supposed to have any more.
We may be hearing about this thanks to the 2016 Nuclear Security Summit
(NSS) at the Walter E. Washington Convention Center in Washington, DC from
March 31 - April 1, 2016
https://www.whitehouse.gov/the-press-office/2016/03/29/fact-sheet-nuclear-security-summits-securing-world-nuclear-terrorism
https://content.govdelivery.com/attachments/USDHSFEMA/2016/03/31/file_attachments/525467/FEMA%2BDaily%2BOps%2BBriefing%2B03-31-2016.pdf
------------------------------
Date: Fri, 31 Mar 2016 17:12:57 PDT
From: 'Peter G. Neumann' <neu...@csl.sri.com>
Subject: How to Hack an Election (Bloomberg)
Jordan Robertson, Michael Riley, and Andrew Wills, Bloomberg, 31 Mar 2016
http://www.bloomberg.com/features/2016-how-to-hack-an-election/
Andres Sepulveda rigged elections throughout Latin America for almost a
decade. He tells his story for the first time [perhaps in hopes of
getting his sentence reduced!]
In July 2015, Sepulveda sat in the small courtyard of the Bunker, poured
himself a cup of coffee from a thermos, and took out a pack of Marlboro
cigarettes. He says he wants to tell his story because the public doesn't
grasp the power hackers exert over modern elections or the specialized
skills needed to stop them. ``I worked with presidents, public figures with
great power, and did many things with absolutely no regrets because I did it
with full conviction and under a clear objective, to end dictatorship and
socialist governments in Latin America. I have always said that there are
two types of politics -- what people see and what really makes things
happen. I worked in politics that are not seen.''
------------------------------
Date: Wed, Mar 23, 2016 at 4:30 AM
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: Tech titans release new email security standard
[Note: This item comes from friend Steve Goldstein. DLH]
Tech titans release new email security standard
Michelle Goodman, FierceCIO, 22 Mar 2016
http://www.fiercecio.com/story/tech-titans-release-new-email-security-standard/2016-03-22
Thanks to a collaboration among developers from Google, Microsoft, Yahoo,
Comcast, LinkedIn and 1&1 Mail and Media Development and Technology, email
security is getting a much needed overhaul.
This engineering dream team has outlined a new safeguard -- called SMTP
Strict Transport Security -- in a draft that's up for consideration as an
Internet Engineering Task Force standard. SMTP Strict Transport Security
would enable email providers to create policies and rules for sending and
receiving encrypted email over the Internet.
Such a mechanism is long overdue. SMTP, or Simple Mail Transfer Protocol,
was established in 1982 and did not allow for encryption. In 2002, the
STARTTLS extension was added to the protocol to improve security of SMTP
connections. But for the most part, email providers lagged in adopting
STARTTLS.
All that changed in 2013, when Edward Snowden revealed the prevalence of
email and other online surveillance by various government intelligence
agencies. As InfoWorld reported, today STARTTLS is fairly ubiquitous in
Internet messaging. Only problem is, the protocol can easily be decrypted or
otherwise compromised.
Enter the new SMTP Strict Transport Security mechanism, which takes a number
of steps to eliminate these vulnerabilities.
Just how vulnerable is today's email? Google has found that among Gmail
users, 83 percent of outgoing messages sent to other email providers around
the globe are encrypted. Incoming emails from other providers worldwide fare
much worse though, with just 69 percent of them arriving encrypted.
As InfoWorld noted, the level of email encryption varies throughout the
world. For instance, Asian and African email providers are much less
reliable than those based in Europe and the U.S.
The Internet Engineering Task Force isn't the only team of engineers working
on the email encryption problem. Last week, the privacy-minded Swiss startup
ProtonMail launched a free, encrypted email service that's supposedly
impossible for governments to crack. [...]
Draft of the new standards:
https://tools.ietf.org/html/draft-margolis-smtp-sts-00
------------------------------
Date: Wed, 30 Mar 2016 12:43:12 -0500
From: 'Alister Wm Macintyre (Wow)' <macwh...@wowway.com>
Subject: CNBC passwords, mother board (boingboing)
Many things on the Internet are broken, including some people trying to
teach the public about cyber security guidelines.
CNBC offered users a way to test passwords to allegedly find one which was
pretty good, and test any you are now using.
However, this password tutorial had a number of flaws.
* Its password testing form was transmitted in the clear, which means that
anyone who shared your Internet connection (that is, everyone on the same
WiFi or neighborhood-wide cable modem connection as you) could see you
sending it.
* CNBC website doesn't use HTTPS web encryption.
* The way that CNBC's website was set up, all 30 of the advertisers, whose
ads appeared on the page, could also spy on your password.
* CNBC sent all the passwords it received to a Google Doc spreadsheet
(itself a prime target for hacking/breaching), despite a notice that said,
'No passwords are being stored.'
* CNBC's system wasn't very good at scoring passwords, giving them higher
grades than they deserved.
http://boingboing.net/2016/03/30/cnbcs-secure-password-tutori.html
http://motherboard.vice.com/read/cnbc-tried-and-massively-failed-to-teach-people-about-password-security
CNBC has taken this down, but you can see an archive of it here:
https://archive.is/kaczF
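
Added example (not part of the original RISKS item, and not CNBC's code): a small Python audit of a page that collects passwords, checking the first three flaws listed above (page without HTTPS, cleartext form submission, third-party scripts on the same page). The URLs, host names and HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PasswordPageParser(HTMLParser):
    """Collects where password fields submit to and which hosts serve scripts."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self._form_action = None          # resolved action of the open <form>
        self.password_targets = []        # URLs that receive a password field
        self.third_party_script_hosts = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page itself.
            self._form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input":
            kind = (a.get("type") or "").lower()
            name = (a.get("name") or "").lower()
            if kind == "password" or "pass" in name:
                self.password_targets.append(self._form_action or self.page_url)
        elif tag == "script" and a.get("src"):
            host = urlsplit(urljoin(self.page_url, a["src"])).hostname
            if host and host != self.page_host:
                self.third_party_script_hosts.add(host)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None


def audit(page_url, html):
    """Return a list of findings for a page that asks for a password."""
    parser = PasswordPageParser(page_url)
    parser.feed(html)
    parser.close()
    findings = []
    if not parser.password_targets:
        return findings                   # no password field, nothing to report
    if urlsplit(page_url).scheme != "https":
        findings.append("page served without HTTPS")
    for target in parser.password_targets:
        if urlsplit(target).scheme != "https":
            findings.append(f"password submitted in the clear to {target}")
    # Any script running in the page can read what is typed into the field,
    # whether it was loaded before or after the form.
    for host in sorted(parser.third_party_script_hosts):
        findings.append(
            f"third-party script from {host} can read the password field")
    return findings


# Constructed sample: a page with the weaknesses described in the item.
WEAK_URL = "http://news.example/password-test"
WEAK_HTML = """
<html><head>
<script src="/static/site.js"></script>
<script src="//ads.example.net/tag.js"></script>
<script src="https://metrics.example.org/m.js"></script>
</head><body>
<form action="/submit" method="get">
  <input type="password" name="pw">
</form>
</body></html>
"""

# Constructed sample: same form over HTTPS with first-party scripts only.
HARDENED_URL = "https://news.example/password-test"
HARDENED_HTML = """
<html><head><script src="/static/site.js"></script></head><body>
<form action="/submit" method="post">
  <input type="password" name="pw">
</form>
</body></html>
"""

if __name__ == "__main__":
    for url, html in ((WEAK_URL, WEAK_HTML), (HARDENED_URL, HARDENED_HTML)):
        print(url)
        for finding in audit(url, html) or ["no findings"]:
            print("  -", finding)
```

Whether the server stores what it receives, the fourth flaw in the list, cannot be checked from the page itself.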
------------------------------
Date: Wed, 30 Mar 2016 08:27:01 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: The Apple-FBI Battle Is Over, But the Crypto Wars Have Just Begun
The Apple-FBI Battle Is Over, But the Crypto Wars Have Just Begun
http://www.wired.com/2016/03/apple-fbi-battle-crypto-wars-just-begun/
------------------------------
Date: Wed, 30 Mar 2016 10:16:54 PDT
From: 'Peter G. Neumann' <neu...@csl.sri.com>
Subject: Should hackers help the FBI?
Room for Debate, with debaters Fred Kaplan, Alan Butler, Katie Moussouris,
and Matt Blaze
http://www.nytimes.com/roomfordebate/2016/03/30/should-hackers-help-the-fbi/constantly-bolstering-computer-security-is-vital
------------------------------
Date: Mon, Mar 28, 2016 at 11:59 PM
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: Hackers Seek Ransom From Two More California Hospitals
(Chad Terhune)
[Note: This item comes from friend Steve Goldstein. DLH]
Hackers Seek Ransom From Two More California Hospitals
Chad Terhune, Medscape, 24 Mar 2016
<http://www.medscape.com/viewarticle/860921>
Hackers demanded a ransom from two more Southern California hospitals last
week and federal authorities are investigating the case.
Prime Healthcare Services Inc., a fast-growing national hospital chain, said
the attackers infiltrated computer servers on Friday at two of its
California hospitals, Chino Valley Medical Center in Chino and Desert Valley
Hospital in Victorville.
The company said the cyberattack had not affected patient safety or
compromised records on patients or staff.
Two sources familiar with the investigation said the hackers had demanded a
ransom to unlock the hospital computer systems, similar to what happened
last month at Hollywood Presbyterian Medical Center in Los Angeles.
Hollywood Presbyterian said it paid $17,000 in bitcoin to hackers to regain
access to the institution's computers.
Fred Ortega, a spokesman for Prime Healthcare, declined to comment on
whether Prime received a ransom demand or paid any money, citing the ongoing
investigation. ``This is similar to challenges hospitals across the country
are facing, and we have taken extraordinary steps to protect and
expeditiously find a resolution to this disruption, The concern now is to
let law enforcement do their thing and find the culprit.''
FBI spokeswoman Laura Eimiller said Tuesday ``we are investigating a
compromise of the network at these locations.'' She declined to discuss
specifics of the case. The FBI also has been investigating the attack at
Hollywood Presbyterian.
Ortega said the two hospitals affected remain operational and steps are
being taken to restore their computer systems to full functionality. He said
some IT systems were shut down by hospital staff as a preventive measure so
malicious software didn't spread further.
The company said it's working with data security experts and the California
Department of Public Health on the matter.
Prime Healthcare, based in Ontario, Calif., has acquired struggling
hospitals across the country and has become one of the nation's largest
health systems. It runs 42 hospitals in 14 states. The company is led by its
outspoken chairman and chief executive, Dr. Prem Reddy.
A series of high-profile data breaches in the past year have raised fresh
questions about the ability of hospitals, health insurers and other medical
providers to safeguard the vast troves of electronic medical records and
other sensitive data they are stockpiling on millions of Americans.
------------------------------
Date: Mon, Mar 28, 2016 at 11:32 PM
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: Smooth Criminal: Meet USB Thief, Malware That Can
Attack Systems Without Leaving Any Trace (Santiago Tiongco)
[Note: This item comes from friend Steve Goldstein. DLH]
Santiago Tiongco, Tech Times, 26 Mar 2016
http://www.techtimes.com/articles/144306/20160326/smooth-criminal-meet-usb-thief-a-malware-that-can-attack-systems-without-leaving-any-trace.htm
Another new malware has surfaced, but this one is unlike the others. This
alarmingly stealthy trojan cannot be copied or replicated and it can set up
camp in your computer without you ever having a clue.
Nicknamed 'USB Thief' by security experts from the ESET antivirus firm,
this new USB trojan is equipped with self-protecting mechanisms that enable
it to escape detection. It can even infiltrate air-gapped systems, making
it an exceptionally useful tool in industrial as well as cyber espionage.
In relation to this malware's ability to access air-gapped computers - that
is, computers not connected to the Internet for security reasons - the
trojan is introduced to a system via USB devices that contain portable
installers of widely-used applications such as Firefox, NotePad++, and
TrueCrypt. USB Thief exploits this trend by penetrating the command chain of
these applications either as a plugin or a dynamically linked library (DLL),
which is why each time you run the application, the trojan is also executed
in the background.
A key aspect of this malware is that it has a highly sophisticated
mechanism for self-protection against copying or reverse engineering by
employing two operations: AES128 encryption of certain files and generation
of filenames from cryptographic elements.
First, an AES encryption key is computed from that unique USB device ID and
certain disk details from the USB drive hosting the malware, which means the
malware can only successfully run on that one particular USB device.
Second, the naming of the subsequent file in the malware execution chain is
based on actual file content and its creation time, effectively making the
file names different for every instance of this trojan. Because of these
techniques, copying or reproducing the malware is virtually impossible.
In addition to the malware's multi-step self-protection and ability to not
leave any trace on the targeted computer, its
------------------------------
From: 'Alister Wm Macintyre (Wow)' <macwh...@wowway.com>
Subject: More background on the MedStar fiasco (RISKS-29.41)
MedStar http://www.medstarhealth.org/ is a $ 5 billion non-profit health
care provider which operates 10 hospitals and 120-250 clinics (conflicting
news stories) serving the Baltimore Maryland area including Virginia and
Washington DC, so it will probably get much more news coverage than the
almost 2,000 other victims of Ransomware. MedStar treated 4.5-million
patients in 2015. They have 30,000 employees and 6,000 affiliated
physicians.
https://en.wikipedia.org/wiki/MedStar_Health
There are different kinds of cyber security incidents, happening at a high
rate of speed. With some, they release necessary details, then soon the
public forgets, in the wake of hundreds of incidents reported at other
places, but looks like MedStar is operating on the dribble approach, let
info dribble out as they figure things out, and permit any of the 30,000
employees to speak with the media, which guarantees that with each drop of
additional info, news media around the world will be trumpeting the story
again, so this place's problems will be remembered for much longer than most
others.
Initially they said virus, no evidence any info stolen, too early to say
ransomware, no disruption to health care for patients.
Now we know it is ransomware, and there has been disruption to patients and
their families.
We also know, that to install the ransomware, the hackers had to have had
access to PII of patients, employees, their medical records, financial info,
all of the computer records impacted, which invokes some laws regarding
disclosure of numbers of people potentially at risk of breach.
Later info may dribble out from investigations, to refresh the news stories.
This close to DC, Congress will probably hold hearings on this and other
similar incidents.
http://www.zdnet.com/article/virus-hits-medstar-health-hospital-network-but-denies-data-theft/
When the first stories came out about the apparent virus attack on MedStar,
we were not being told many details.
On Monday 28 Mar morning, the hospital discovered the problem, that many
computer access points had been attacked, so they shut the whole system down
to try to stop the spread of whatever it was. That afternoon, they released
a statement about the situation on their web site, and Facebook page.
The shutdown impacts access to Electronic Health Records (EHR), e-mail,
laboratory results, financials, just about all record keeping you would
expect at any medical institution. Many doctor PCs are okay, showing data
from the days before the attack, they just cannot access the MedStar
network, or access this week's e-mail. I hope their ISP has sufficient data
storage to hold the accumulated e-mail until these systems are back up
again.
The old paperwork system 'works' for employees who remember it, but there
may be recovery hassles after systems restored, making sure the records are
complete for the downage days.
The FBI had been contacted.
Initially we were not told what kind of attack it was, but from clues, there
was lots of speculation.
https://www.washingtonpost.com/local/virus-infects-medstar-health-systems-computers-hospital-officials-say/2016/03/28/480f7d66-f515-11e5-a3ce-f06b5ba21f33_story.html
http://www.healthcare-informatics.com/article/breaking-news-medstar-health-hacked-ehr-down-fbi-investigating
http://money.cnn.com/2016/03/28/technology/medstar-hospital-hack/
http://inhomelandsecurity.com/virus-infects-medstar-health-systems-computers-hospital-officials-say/
On Monday 28 Mar, hospital spokespersons had claimed that this incident
would not disrupt health care. On Tuesday, news media was publishing lots
of stories about disruptions to patient health care, thanks to this
incident.
By Wednesday, historical EHR records were accessible read-only, but not from
all work stations.
Some patients have been turned away, because of this incident, refused
renewal of prescriptions. Hospital spokespersons said that no one will get
delayed medical treatment because of this, but news media has been
interviewing patients for whom that was exactly what happened, and/or
subjected to scary, and health-threatening, inconveniences. One hospital
lost track of a man's invalid wife, falsely claiming she had been released,
which caused him lots of anxiety until they located her getting the proper
treatment.
Patients arrive for appointments, only to find they have been canceled
because the medical staff cannot do a proper job without access to the
computer records, and apparently they also need access to the computer to
notify patients that their appointments have been canceled. Other patients
get daily calls 'Don't come in, the computers are down again today.'
In addition to official spokesperson statements, news media is talking with
lots of the medical staff, who explain serious medical safety issues, which
the official spokesperson is downplaying.
https://www.washingtonpost.com/local/medstar-health-turns-away-patients-one-day-after-cyberattack-on-its-computers/2016/03/29/252626ae-f5bc-11e5-a3ce-f06b5ba21f33_story.html
http://wtop.com/local/2016/03/medstar-still-dealing-problems-cyber-attack/
http://www.usnews.com/news/articles/2016-03-29/medstar-struggles-to-work-around-computer-hacking-crisis
http://www.pressreader.com/usa/the-washington-post/20160331/282024736400036/textview
There are also news stories about what Congresspersons are saying. They
passed a law in 2015 calling for the federal Health and Human Services (HHS)
to:
* Create a task force of health industry leaders and cyber security
professionals to identify the biggest threats, and to suggest mitigation
approaches;
* Provide doctors and hospitals with guidance on the best ways to protect
themselves from cyber attack,
* Have service from the agency, to help any medical institution which
suffers a cyber attack;
* Issue reports to the health industry on emerging threats and risks they
need to protect themselves against;
* And more ... the legislation = Information Sharing Act of 2015.
http://www.healthcareinfosecurity.com/obama-signs-cyber-info-sharing-bill-a-8762
So far HHS has not yet implemented any of this, according to some news
stories, while others talk about the progress being made implementing it.
But without the task force, it has been a slow learning process for an
agency new to this topic, making some judgment errors, in selecting which
risks to prioritize warnings about. There may be a need for agencies,
experienced in cyber-threats by industry and how attackware gets delivered,
to provide initial training for agencies new to providing cyber security
guidance.
Other people are calling for an update to HIPAA = US gov regulations about
health care records. That system already has a requirement for hospitals to
report incidents like this.
HHS Office of Civil Rights (OCR) investigates all cyber incidents of health
care providers, either reported to them directly, under HIPAA regulations,
or found out via news reports. They also have guidance on how to report
incidents, such as to the FBI Internet Crime Complaint Center.
http://www.ic3.gov/default.aspx
They have also told medical institutions about the Better Business Bureau's
scam tracker.
https://www.bbb.org/scamtracker/us
Apparently some people are ignorant of the fact that there are laws already
on the books, calling for the reporting of cyber insecurity incidents, some
of which have not yet been implemented, or are not enforceable.
Almost every state of the USA has a requirement that places hit by cyber
attack, either located in that state, or with customers in that state,
report them to the Attorney General of the state, and take measures to
compensate victims of the attacks (their customers, and others). However,
many institutions do not know they are under attack, until the damage has
been done, plus some do not know what to do, after they discover they have
been attacked.
http://www.govinfosecurity.com/ransomware-time-for-hipaa-update-a-9002
http://www.healthcareinfosecurity.com/ocr-cyber-awareness-effort-will-have-impact-a-8846
So proper precautions have been sporadic throughout the health care
industry.
* We can see from the discrepancies between stories of medical staff and
hospital spokesperson statements, that there's a lack of training how to
deal with this kind of incident, and a lack of internal communications to
cope when computers are down.
* We have not yet been told how this happened to MedStar, but with many
other institutions it was a lack of training to avoid one employee
victimized by phishing taking down the entire computer system. There's
also backups, and keeping software up to date.
http://hitconsultant.net/2016/03/30/medstar-cyber-attack/
When the US government first was pushing EHR, there was an outpouring of
cyber security concerns from the security industry.
The medical profession and government had to learn from medical breaches
that those concerns were valid, and remediation investment was essential.
We are flooded with cyber security warnings, and few employers have budgeted
the resources to cope with them effectively.
In April 2014, there was an FBI warning about a growth in cyber attacks upon
the health care industry.
The FBI predicted that movement to on-line systems, without provision for
how to handle themselves, when those systems go down, is inviting trouble.
That trouble has now arrived, inconveniencing many portions of the health
care industry.
http://www.fiercehealthit.com/story/when-it-comes-cybersecurity-staff-education-matters/2016-03-29
Next the news media learned that MedStar was a ransomware attack, where if
the hospital pays $18.5K in bitcoins, the crooks promise to send the keys to
unlock their system. Instead, the hospital system is restoring from
backups, with partial recovery, and has suffered at least $1 million per day
thanks to the down time.
http://www.baltimoresun.com/health/bs-md-medstar-ransom-hack-20160330-story.html
http://www.ibtimes.co.uk/hospitals-crippled-by-cybercriminals-ruthless-medstar-hack-demands-12900-unlock-computers-1552429
I found out about this news story, because I subscribe to KnowBe4 -- training
in how not to be a victim of cyber attacks.
They use breaking news stories about cyber security incidents to explain how
their training can prevent such incidents.
https://www.knowbe4.com/
The challenges the hospital staff and patients are dealing with
demonstrate some flaws in planning for the possibility of computer
downtime, when everyone becomes dependent on the digital data. What could
go wrong, when a hospital runs purely on electronic records, then their
computer systems go down? MedStar has learned about that this week, and
also has had earlier lessons.
http://catless.ncl.ac.uk/Risks/29.31.html#subj4
Before any hearings into what if anything should be done about such
incidents, maybe Congress should get a report from CRS = Congressional
Research Service,
https://www.fas.org/sgp/crs/misc/
and from GAO = Government Accountability Office,
http://www.gao.gov/products/GAO-16-265
to communicate:
* What laws and regulations already exist regarding health care cyber
incidents, their prevention and disclosure.
* What is the status of implementation of those rules.
* Statistics on this kind of attack.
* Status of investigations into major attacks.
Here are some CRS reports on Health Care, other than the cyber security
dimension:
http://www.ncsl.org/research/health/congressional-research-service-reports-on-health.aspx
------------------------------
Date: Fri, 1 Apr 2016 00:16:28 -0500
From: 'Alister Wm Macintyre (Wow)' <macwh...@wowway.com>
Subject: Why Ransomware loves Hospitals
Ransomware <https://en.wikipedia.org/wiki/Ransomware> is a threat to:
* Hospitals
* Police stations
* Cloud services
* Mobile phones
http://krebsonsecurity.com/tag/ransomware/
In addition to all the data placed at risk, which I mentioned in my earlier
MedStar post, medical devices may also be at risk.
* To install the ransomware, the hackers had to have had access to PII of
patients, employees, their medical records, financial info, all of the
computer records impacted, which invokes some laws regarding disclosure of
numbers of people potentially at risk of breach.
Sergey Lozhkin, a senior researcher at Kaspersky Lab said 'in lots of cases
medical equipment is not isolated from the local office network.' A month
ago, he detailed the results of his penetration test of a Moscow hospital.
Among other issues, Lozhkin discovered a login portal for a CT scan machine
on the open Internet, and once inside the hospital's local network, he found
a control panel for an MRI machine that was not password protected.
<https://threatpost.com/medical-device-health-care-security-continues-to-ail/116228/>
There have been at least a dozen hospitals, or hospital chains, inflicted
with ransomware just in March 2016.
http://motherboard.vice.com/read/the-spreading-epidemic-of-hospital-ransomware
Thursday, March-31, the U.S. Department of Homeland Security (DHS) and the
Canadian Cyber Incident Response Centre, issued a joint alert about the risk
of ransomware.
http://www.reuters.com/article/us-cyber-ransomware-alert-idUSKCN0WY3BN
US Hospitals are juicy targets for ransomware because:
* Their care depends on access to up-to-date complete records, which thanks
to the US government, are now electronic.
* Their care is critical. Disrupting it can mean serious complications for
patients. And law suits because of that.
* Very few hospitals conduct security training for their staff.
* What has been more critical for them is HIPAA compliance, because the US
government has emphasized patient privacy much more than cyber security.
http://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/
MedStar reacted by shutting down their servers the moment they realized
they'd been hit. KnowBe4 says that is the correct first step. They
distribute a 20-page hostage manual (.pdf) instructing ransomware victims on
what to do after an attack, and how to prevent one.
<http://www.wired.com/wp-content/uploads/2016/03/RansomwareManual-1.pdf>
There are several ways computers get hit by ransomware.
* Someone falls for a phishing spam scam, which installs attackware on their
computer.
* Hacked or malicious sites exploit browser vulnerabilities with drive-by
attackware.
* Once either approach has gained access to a system, the hackers can easily
follow, to perform their mischief.
It goes after individual PCs, servers, while deleting any connected backups.
In MedStar's case, the malware is Samsam, also known as Samas and MSIL.
This tells us a hacker had to install the ransomware, but it does not tell
us how the hacker got into MedStar's systems.
Samsam exploits vulnerabilities which have been patched, so this also tells
us that MedStar had not stayed current on critical patches for their
systems.
http://arstechnica.com/security/2016/03/maryland-hospital-group-hit-by-ransomware/
The FBI issued alerts about this recently.
https://motherboard.vice.com/read/fbi-warns-about-ransomware-attacks-infecting-whole-networks
https://www.fbi.gov/news/stories/2015/january/ransomware-on-the-rise
I believe IT should take systems down, so nothing connected to Internet, to
run a complete backup to media not left connected to the servers, then let
the network re-connect, only after each device is checked to be clear of
security problems, and make sure its backup is up-to-date. Unfortunately,
many outfits need to be up 24x7, and won't approve the resources needed to
run high speed backups, in short scheduled down time, like wee hours, when
business is at its lowest volume, or have client devices which gather info
to update the server, from activity during the short down time for backup.
I believe all institutions should do a periodic search, to identify all the
ways they are connected to the Internet, in case of any inadvertent errors,
adding poorly secured links.
https://www.shodan.io/
Search for *hospital* and find
* 144 in USA
* 133 in Brazil
* 69 in Thailand
* 67 in South Korea
* 54 in India
Connection info for specific hospitals is provided.
No hits for MedStar -- hopefully that means that any past flaws have now
been fixed.
Example of a USA hit:
Health First Viera Hospital 6450 US Highway 1, Rockledge, FL 32955
------------------------------
Date: Wed, 30 Mar 2016 15:01:38 -0500
From: 'Alister Wm Macintyre (Wow)' <macwh...@wowway.com>
Subject: Re: Bangladesh bank heist to Philippines to Chinese
(RISKS-29.36,37,38,40)
In any breaking story, mainstream media has high levels of speculation,
leading to conflicting stories.
Fraudulent bank transfers were allegedly communicated via the SWIFT network.
Some stories say SWIFT was compromised. Others say no, SWIFT was not
compromised, rather the communications system at one end was breached.
The Bangladesh Central Bank may sue the NY Fed, to try to recover some of
the lost money. I predict this effort will fail, because US courts have
usually ruled in favor of the bank which held the money which was stolen,
and against the business enterprises that owned that money. Judges have
ruled that way, even when it is proven that the NY Fed equivalent
institution was in the wrong, or made cyber security errors.
So far, no evidence has surfaced in the news media, that the NY Fed did
anything wrong.
http://www.nbcnews.com/tech/tech-news/bangladesh-bank-might-sue-ny-fed-after-1b-hack-heist-n544046
http://www.en.prothom-alo.com/bangladesh/news/98969/Bangladesh-Bank-weighs-lawsuit-against-NY-Fed
In this case, the Bangladesh Central Bank has been found to have been
infected with malware, which facilitated access to their credentials for
managing money. Invariably in past US court cases, when the business,
owning the bank account, was hacked, breached, or social engineered,
triggering info needed to file a false money transfer request, judges have
ruled that the bank from which the money was transferred is not
responsible for the negligence of the place which got malwared, hacked,
breached, etc.
How the malware got onto the Bangladesh Central Bank system, has not yet
been made public by investigators.
Spam Phishing is the usual route.
http://www.marketwatch.com/story/malware-used-in-100-million-bangladesh-bank-heist-2016-03-21
Philippine authorities now believe 2 Chinese men stole the Bangladesh money,
but are they mules paying off casino debts, or addicted to gambling, where
the casino operators aided in setting up the money transfer system? Since
those 2 men have been identified, but not yet located, are they in fact
false identities created by a casino operator and a friend at the Philippine
bank?
The money arrived in fictitious accounts at RCBC bank in the Philippines.
Bank officials have conflicting testimony about the process by which those
accounts were authorized & setup.
http://www.securityweek.com/chinese-high-rollers-moved-stolen-bangladesh-millions-philippines-witness
http://www.straitstimes.com/asia/se-asia/missing-link-in-us81-million-bangladesh-bank-heist-set-to-testify-before-philippine
http://www.themalaymailonline.com/world/article/witness-millions-from-bangladesh-bank-heist-moved-to-philippines-by-chinese
WSJ has a video of what's known so far about the travels of the stolen
money.
http://www.wsj.com/articles/businessman-denies-planning-central-bank-heist-1459261342
Philippine legislators have had a hearing on where the money ended up, and
how it got there.
Now US Congresswoman Carolyn Maloney (D-NY) http://carolynmaloney.com/
wants a US hearing on this bank heist, and what standards are needed to put
a stop to such activities. There may be no solution so long as:
* Businesses are vulnerable to phishing, malware, hackers taking over their
institutions, with them oblivious to this happening;
* Judges rule in favor of banks which violate contracts, to not move money
to new locations, or in excess of some ceilings, without personal contact
with officials of institution owning the money, who are authorized to
approve such actions.
http://carolynmaloney.com/multimedia/latest_news/view/2016-03-maloney-wants-probe-on-bangladesh-bank-heist
http://news.yahoo.com/u-congresswoman-wants-probe-bangladesh-bank-heist-200449682.html
Wikipedia is periodically updated as more info is found, released, and
confirmed.
https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist
------------------------------
Date: Wed, 30 Mar 2016 12:22:14 -0400 (EDT)
From: 'ACM TechNews' <technew...@acm.org>
Subject: Stefan Savage receives RISKS-relevant award
ACM and Infosys Foundation Honor Innovator in Network Security Research
Association for Computing Machinery (03/30/16)
ACM TechNews, 30 Mar 2016
Stefan Savage from the University of California, San Diego has been selected
to receive the 2015 ACM-Infosys Foundation Award in the Computing Sciences.
Savage was cited for research in network security, privacy, and reliability
that has shown people how to perceive attacks and attackers as components
of an integrated technological, societal, and economic framework. Savage's
approach is embodied in his recent work with collaborators to fight spam by
exploring how spammers generate revenue, and what steps might be taken to
neutralize this incentive. One project involved the researchers
infiltrating a botnet to extract insights about the economics of spam
schemes. By monitoring millions of spam emails and identifying the
individual services needed to monetize them, Savage's team built a model of
dependencies in the spam supply chain. They demonstrated merchant bank
accounts used to receive credit card payments were the most valuable and
prone to disruption. 'Stefan Savage has shifted thinking and prompted us to
ask ourselves how we might impede the fundamental support structure of an
attacker,' says ACM president Alexander L. Wolf. 'His frameworks will
continue to significantly influence network security initiatives in the
coming years.'
http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-ed5ax2e0c5x065760&
------------------------------
Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-...@csl.sri.com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-s...@csl.sri.com or risks-un...@csl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay...@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string `notsp' at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
=> PGN's historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
=> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 29.42
************************