Kaspersky Accused of Hacking U.S. Computers

Kaspersky investigated by the F.B.I. for possible links to Russian security services.

On Wednesday, the federal government moved to wipe any software made by a prominent Russian cybersecurity firm, Kaspersky Lab, from its computer systems. Kaspersky Lab antivirus software is being investigated by the F.B.I. for possible links to Russian security services.
The concerns surrounding Kaspersky, whose software is sold throughout the United States, are longstanding. The F.B.I., aided by American spies, has for years been trying to determine whether Kaspersky’s senior executives are working with Russian military and intelligence, according to current and former American officials. The F.B.I. has also been investigating whether Kaspersky software, including its well-regarded antivirus programs, contains back doors that could allow Russian intelligence access into computers on which it is running. The company denies the allegations.

The debate broke open last week when the Wall Street Journal reported that Russian government hackers had stolen classified data from the home computer of an NSA contractor who had Kaspersky antivirus software installed. Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software (known as malware).

According to several recent reports, the Russian government has used antivirus software from the private Russian company Kaspersky to steal classified U.S. data.
The revelations, following months of vague warnings from U.S. officials, suggest that the U.S. has “direct evidence that there are ways to remote into Kaspersky and pull data back without the user’s intention,” David Kennedy, a prominent security consultant and former U.S. Marines hacker, told Yahoo Finance. “And that is very, very scary. That means that anybody in the world that has Kaspersky installed may have the potential to have their data accessed by Kaspersky.”
But many in the cybersecurity community, such as American cyberwarfare expert Jeffrey Carr, argue that the U.S. government’s allegations shouldn’t be trusted and that “Kaspersky Lab has suffered more slander from more supposedly reputable news outlets than any company in recent memory.”

A subsequent report detailed how Israeli intelligence alerted the U.S. to the Russian espionage-via-antivirus after infiltrating Kaspersky’s system in 2014 and watching Russian hackers search computers running Kaspersky for specific codenames of classified American programs.
U.S. intelligence agencies reported that “we studied the software and even set up controlled experiments to see if they could trigger Kaspersky’s software into believing it had found classified materials on a computer being monitored by U.S. spies,” and that the experiments “persuaded officials that Kaspersky was being used to detect classified information.”

The officials, all of whom spoke on the condition of anonymity because the inquiries are classified, would not provide details of the information they have collected on Kaspersky. But on Wednesday, Elaine C. Duke, the acting secretary of Homeland Security, ordered federal agencies to develop plans to remove Kaspersky software from government systems in the next 90 days. Kaspersky has denied the allegations, saying, “Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question.” Consequently, the question is whether observers should trust Kaspersky or the U.S. government, which is making the claims through selective leaks and mostly anonymous sources.

Equifax Downplays Possible Second Data Breach

Equifax says it was not breached again, but vendor on site served ‘malicious content’.

Equifax says its systems may not have been breached again, but it blamed a third-party vendor for running malicious code. On Thursday, a security analyst reported that a link on the Equifax website redirected him to a third-party site that encouraged him to download malware.

Equifax said in a statement, “The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content.” “Since we learned of the issue, the vendor’s code was removed from the web page and we have taken the web page offline to conduct further analysis.”

Security analyst Randy Abrams said he encountered the malicious link when downloading his credit report. A link on the Equifax site directs users to an announcement that the credit report assistance page is down for maintenance.

Shares dropped as much as 3.5% Thursday.

“This incident should serve as a warning for any website operator to know and control vendor risk in the digital world – all website code, both first and third party, should be continuously monitored to avoid these scenarios,” Chris Olson, CEO of cyber security firm The Media Trust, said in an emailed statement.

The malware security violation comes a month after Equifax disclosed that a massive data breach exposed the Social Security numbers and birth dates of as many as 145.5 million Americans. Last week Equifax disclosed that hackers may have stolen the personal information of 2.5 million more U.S. consumers than it initially estimated. The company said the additional customers were not victims of a new attack but rather victims whom the company had not counted before.

Equifax Web Application Flaw Leaked 143M Customer Records.

Credit reporting agency Equifax said Thursday a web application flaw exposed 143 million customer records to hackers. This is a startling breach for a company that ironically offers identity theft protection services.

The information exposed includes names, Social Security numbers, birth dates, addresses and in some cases, driver’s license numbers, according to a news release. Although most of those affected are U.S. consumers, Equifax says some “limited personal” information for U.K. and Canadian residents was affected.

Equifax also says the breach exposed credit card numbers for 209,000 U.S. consumers. The hackers also accessed what Equifax described as “dispute documents” containing personal information for 182,000 U.S. consumers.
While not the largest breach on record, it’s certainly one of the most sensitive. Equifax is one of the largest aggregators of financial data related to U.S. consumers, and its records are used by a variety of other businesses to gauge a person’s creditworthiness.

“On a scale of one to 10 in terms of risk to consumers, this is a 10,” says Avivah Litan, a vice president with the analyst Gartner. “Equifax holds consumers’ most personally sensitive financial information.”

The type of information leaked is a perfect package for a fraudster looking to impersonate someone else.
In the news release, Equifax Chairman and CEO Richard F. Smith says, “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do.”

“I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

Although major data breaches have become nearly routine, Equifax’s lapse is “especially alarming and serious,” says Atiq Raza, CEO of the web application security company Virsec. Of particular concern is the static nature of data, such as birth dates.

“Almost all the data that credit reporting companies like Equifax hold is sensitive, and much of it is used to establish identity – birth dates, addresses, drivers licenses, and other data types are routinely used to verify identity,” Raza says. “It’s one thing to ask a consumer to change a password, but how do you change your birth date?”

Equifax says it will only send notifications by direct mail to the 209,000 people whose payment card information was leaked and the 182,000 consumers whose dispute documents were exposed.
For everyone else, Equifax has set up a web-based tool for people to check if their data is in the breach.

198M US Citizens’ Political Data Exposed by Marketing Group

Political data gathered on more than 198 million US citizens was exposed.

This month, a marketing firm contracted by the Republican National Committee stored internal personal and political data on a publicly accessible Amazon server.
The data leak contains a wealth of personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity. Deep Root Analytics, a conservative data firm that identifies audiences for political ads, confirmed ownership of the data to Gizmodo on Friday.

UpGuard cyber risk analyst Chris Vickery discovered Deep Root’s data online last week. More than a terabyte was stored on the cloud server without the protection of a password and could be accessed by anyone who found the URL. Many of the files did not originate at Deep Root, but are instead the aggregate of outside data firms and Republican super PACs, shedding light onto the increasingly advanced data ecosystem that helped propel President Donald Trump’s slim margins in key swing states.

Although files possessed by Deep Root would be typical in any campaign, Republican or Democratic, experts say its exposure in a single open database raises significant privacy concerns. “This is valuable for people who have nefarious purposes,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data.

The RNC paid Deep Root $983,000 last year, according to Federal Election Commission reports, but its server contained records from a variety of other conservative sources paid millions more, including The Data Trust (also known as GOP Data Trust), the Republican party’s primary voter file provider. Data Trust received over $6.7 million from the RNC during the 2016 cycle, according to OpenSecrets.org, and its president, Johnny DeStefano, now serves as Trump’s director of presidential personnel.

The Koch brothers’ political group Americans for Prosperity, which had a data-swapping agreement with Data Trust during the 2016 election cycle, contributed heavily to the exposed files, as did the market research firm TargetPoint, whose co-founder previously served as director of Mitt Romney’s strategy team. (The Koch brothers also subsidized a data company known as i360, which began exchanging voter files with Data Trust in 2014.) Furthermore, the files provided by Rove’s American Crossroads contain strategic voter data used to target, among others, disaffected Democrats and undecideds in Nevada, New Hampshire, Ohio, and other key battleground states.

Deep Root further obtained hundreds of files (at least) from The Kantar Group, a leading media and market research company with offices in New York, Beijing, Moscow, and more than a hundred other cities on six continents. Each file offers rich details about political ads—estimated cost, audience demographics, reach, and more—by and about figures and groups spanning the political spectrum. There are files on the Democratic Senatorial Campaign Committee, Planned Parenthood, and the American Civil Liberties Union, as well as files on every 2016 presidential candidate, Republicans included.
What’s more, the Kantar files each contain video links to related political ads stored on Kantar’s servers.