The Security Pub

Random Thoughts About Security

Report: NSA Looks Into NASDAQ Hack

The National Security Agency, the top U.S. electronic intelligence service, has joined a probe of the October cyber attack on Nasdaq OMX Group Inc. amid evidence the intrusion by hackers was more severe than first disclosed, according to people familiar with the investigation.

The involvement of the NSA, which uses some of the world’s most powerful computers for electronic surveillance and decryption, may help the initial investigators — Nasdaq and the FBI — determine more easily who attacked and what was taken. It may also show the attack endangered the security of the nation’s financial infrastructure.

“By bringing in the NSA, that means they think they’re either dealing with a state-sponsored attack or it’s an extraordinarily capable criminal organization,” said Joel Brenner, former head of U.S. counterintelligence in the Bush and Obama administrations, now at the Washington offices of the law firm Cooley LLP.

Check out the entire article – Bloomberg

IEEE Database Breached, Personal Information Compromised

IEEE, the world’s leading society for technical professionals, has warned some 800 members that their credit card and personal information may have been stolen. The FBI has been notified of the breach.

The group disclosed the November 2010 breach in a letter to the New Hampshire Attorney General, dated February 24, in keeping with that state’s data privacy law. While the source and purpose of the security breach aren’t known, IEEE’s membership of technical professionals raises concerns about whether group members might be the targets of sophisticated phishing and social engineering attacks using stolen data.

Check out the full article – ThreatPost

Domains Used in the RSA Attack

Details about the recent cyber attacks against security firm RSA suggest the assailants may have been taunting the industry giant and the United States as they stole secrets from a company whose technology is used to secure many banks and government agencies.

Earlier this month, RSA disclosed that “an extremely sophisticated cyber attack” targeting its business unit “resulted in certain information being extracted from RSA’s systems that relates to RSA’s SecurID two-factor authentication products.” The company was careful to caution that while data gleaned did not enable a successful direct attack on any of its SecurID customers, the information “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”

Read the full article at KrebsOnSecurity

Missing BP Laptop had Personal Data of Gulf Oil Spill Victims

A BP employee lost a laptop containing unencrypted personal information on approximately 13,000 people who had filed compensation claims prior to August 2010 stemming from the Gulf oil spill.

BP spokesperson, Curtis Thomas, said the oil company sent out letters notifying those affected and reported the incident to law enforcement on Monday. BP contends that none of the personal information has been misused, but nonetheless is offering to pay for any necessary credit monitoring services to the victims of the breach.

“We’re committed to the people of the Gulf Coast states affected by the Deepwater Horizon accident and spill, and we deeply regret that this occurred,” said Thomas.

The employee in question lost the laptop on March 1 during business travel, nearly a month ago. When asked why so much time elapsed before reporting the incident, Thomas claimed his company was doing “due diligence and investigating” the incident, according to AP.

The breach only affects claimants who filed claims directly to BP before the Gulf Coast Claims Facility took over the compensation operation in August of last year.

Hackers Penetrate Nasdaq Computers

Computer hackers have breached the systems of the company that runs the Nasdaq stock exchange in New York but did not penetrate the part of the system that handles trades, Nasdaq said Saturday.  The exchange’s operating company, Nasdaq OMX, said in a statement that it had discovered suspicious files on its United States servers, and that it immediately began conducting an investigation in conjunction with outside firms and federal law enforcement agencies.

The company said it had determined that a Web-based application on its servers called Directors Desk, on which corporations can store and share information, might have been affected. Nasdaq said the suspicious files “were immediately removed and at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers.”

“At no point was any of Nasdaq OMX’s operated or serviced trading platforms compromised,” the company said.

Read the full article – The New York Times

PIN Pad Physical Security

So I was at the grocery store this evening (I won’t mention which one). When I was paying for my groceries with my credit card, I noticed how the PIN pad was secured. Can you see what’s wrong with this picture?

If you are having difficulties identifying what’s wrong I will go ahead and explain…

This grocery store has decided to secure all their PIN pads to the stand with zip ties. I did take a look underneath the device and there weren’t any screws mounting the device to the stand. So if a hacker wanted to, they could easily remove and replace these PIN pads with modified versions.

Here are some examples of good security for physically securing PIN pads.

NON-ATM, ATM Skimmers

Careful ATM users know enough to give a hasty visual check to the machine before using it and to hide the keyboard while entering their PIN. Unfortunately, sometimes even that is not enough to prevent the fraudsters, and the worst part of it is that they continually think of new ways of stealing your credit and debit card data.

A clever type of attack that can’t be detected by ATM users, because there’s nothing off on the machine or close enough to it to make them suspicious, has been pointed out by Brian Krebs. According to Brian, criminals have devised a very clever tactic – one that is usually employed to steal the information from users who prefer to use the ATMs located in the antechamber of a bank or building lobby.

Access to these ATMs is usually controlled by a key card lock that allows customers to enter only after they have swiped their ATM card through it. Unfortunately, crooks have devised a way to add a skimmer to these locks, so that when the customers perform the action, it records the cards’ information. And odds are that customers won’t even check to see if there’s something suspicious about the lock.

When the customers finally access the ATM, those who don’t take particular care to hide the keyboard from view with the palm of their hand or another object have their PINs stolen through the use of a zoom-in camera hiding behind a mirror located on the wall above an ATM – which they assume is there to allow them to see if someone is standing behind them.

An instance of this type of attack was recorded as far back as 2009, when a customer of a bank in California discovered the camera behind the mirror above one of the two ATMs in the lobby of the bank. It turns out that the criminals put an “Out of Order” sign on the other ATM to force the customers to use only the one that was covered by the camera.