String of cyber attacks threat to U.S. security?

Japanese video game developer Sega announced Sunday that hackers broke into its database and stole the personal information of more than one million customers. The breach, CBS News Correspondent Elaine Quijano reports, is just the latest in a string of cyber-attacks on corporations, government contractors, and even the CIA. Last week, computer hackers forced a shutdown of the CIA's public website for more than two hours. It claims no sensitive information was at risk, but Internet security experts say it was still a huge embarrassment for the government's top spy agency. Jim Stickley, co-founder of TraceSecurity, a cyber security company, told CBS News, "It's never a good thing when you're the CIA and your website has data talking about a hacker." While the attack was deemed harmless, the same can't be said of the breach of government contractor Lockheed Martin last month. That's when the nation's top weapons manufacturer discovered the system enabling employees' remote access may have been compromised. Some suspect foreign governments were responsible for the attack. Stickley said, "Now, with governments getting involved, it's moved from the personal attacks to going after the government attacks and going at a much more scary level." It's this threat of foreign cyber-espionage that prompted the National Security Agency to announce it's stepping in to help government contractors like Lockheed Martin better secure their data. A wave of attacks has hit private businesses, as well. On Friday, banking giant Citigroup revealed that more than 360,000 customers had credit card information compromised - nearly double its original estimate from a month ago. But it's all par for the course in an era of online consumers, according to experts. TraceSecurity's Stickley says, "Someone is going to get your data eventually. I don't think it's a matter of if. ...

US accuses Russia of cyber attacks on power grid

Washington (CNN) The US government has accused Russia of remotely targeting the US power grid, as part of its newly unveiled sanctions on the country. The Department of Homeland Security released details Thursday of what it called a multi-stage effort by Russia to target specific government entities and critical infrastructure. The Trump administration announced extensive sanctions against Russia on Thursday morning, which included sanctions on the Internet Research Agency, a Russian troll farm that produced divisive political posts on American social media platforms during the 2016 presidential election. According to the DHS, Russia accessed US government networks by first targeting less secure small commercial third-party networks with malware. Russia has attempted to attack targets that include "energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors" since March 2016, DHS said. Gaining access to the networks that are tied to various aspects of US infrastructure is extremely difficult, said Vikram Thakur, of Symantec Security Response. Thakur, a technical director at Symantec, added that cyberattacks like the one DHS described Thursday have the potential to cause significant damage, unlike those in which the attacker is solely looking for information. "The only thing that holds an attacker back is political motivation," Thakur said, noting the potential for retaliation by the country that gets hit. "Usually the bar for flipping the switch is extremely high" for the attacker, he later added in a phone interview. Past encounters: In 2015 Ukraine experienced an unprecedented cyberattack on its electric grid that led to widespread power outages, which it said was caused by Russia. The attack raised concerns about vulnerabilities in the US system that could make it a victim of similar attacks. Energy Secretary Rick Perry released a response to the DHS announcement Thursday, saying the

German officials warn cyber attacks on its government computers are ‘ongoing’

Rosie Perper. Published 8:07 pm, Thursday, March 1, 2018. Thomson Reuters. A cyberattack on Germany's defense and interior ministry's private network is "ongoing," officials confirmed. A security breach that was "a very serious attack" was confirmed on Wednesday, but it was said to have been "brought under control." Local media attributed the attack to Russian cyber espionage group Fancy Bear, but German officials have not confirmed the reports. A "serious" cyberattack on Germany's defense and interior ministry's private network is still ongoing, despite officials saying on Wednesday they were in control of an attack. "It is an ongoing affair, an ongoing attack," Armin Schuster, who chairs the parliamentary committee overseeing intelligence services, said according to the BBC. "It is a very serious cyber-attack," Schuster said. The news comes a day after German officials confirmed they were investigating the breach, which was speculated to have occurred in December, but had said it was an "isolated" attack that had been "brought under control." Local media attributed the hack to suspected Russian cyber espionage group Fancy Bear, also known as APT28. However, German officials have not confirmed the reports. The German Press Agency (DPA) reported, citing unnamed security sources, that Russian hackers breached the government network with a piece of malware that was likely placed in a central government network and may have remained there for up to a year. According to public broadcaster Deutsche Welle, hackers reportedly targeted the government's "Informationsverbund Berlin-Bonn" (IVBB) network, a communication platform that facilitates fast and secure data exchanges within German government offices. Domestic

Worried About Those Global Cyber Attacks? They Were Started by Washington

Andy Greenberg’s cover story in the July issue of Wired magazine could not have been more timely. This week the mysterious cyber pirates struck again, shutting down computer networks at businesses and banks and government agencies from Eastern Europe to the United States. Greenberg’s article describes the nightmare of cyber attacks the Ukraine has suffered over the past three years—recurring blackouts of industrial sectors, which corporate watchdogs suspect were orchestrated by Russia’s sophisticated hackers (if not by freelance bandits demanding ransom). Some industry insiders assumed Russia was using Ukraine as a test market for industrial chaos. Might Moscow be preparing to make the United States its ultimate target? It’s a scary thought. Greenberg found some experts who are taking it seriously. “I think it’s the brazenness of Russia’s activities in the 2016 election that has scared people the most,” Greenberg told Fresh Air interviewer Terry Gross on NPR. “The fact that Russia is willing to insert itself into our electoral process has made the political community, but also the cyber-security community, wonder how far Russia will go. Russia has tried to mess with or infect or lay the groundwork for attacking American infrastructure.” Many Americans are naturally indignant—how dare those nasty Russians tamper with the sanctity of our free elections!—and express injured innocence. Congress has launched high-minded investigations. But American self-righteousness is misplaced. This malignant technology disrupting the global industrial system was pioneered in the USA, by our very own government. The broad public (myself included) didn’t realize this, because with rare exceptions like The New York Times, the mass media do not discuss the true origins of this disease. It’s easier to blame disruptions on familiar bad guys. In this matter, however, the notorious US spy

Cyber attack eases, hacking group threatens to sell code

By Dustin Volz WASHINGTON (Reuters) - Governments turned their attention to a possible new wave of cyber threats on Tuesday after the group that leaked U.S. hacking tools used to launch the global WannaCry "ransomware" attack warned it would release more malicious code. The fast-spreading cyber extortion campaign, which has infected more than 300,000 computers worldwide since Friday, eased for a second day on Tuesday, but the identity and motive of its creators remain unknown. The attack includes elements that belong to the U.S. National Security Agency and were leaked online last month. Shadow Brokers, the group that has taken credit for that leak, threatened on Tuesday to release more recent code to enable hackers to break into the world's most widely used computers, software and phones. A blog post written by the group promised from June to release tools every month to anyone willing to pay for access to some of the tech world's biggest commercial secrets. It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs. "More details in June," it promised. The spread of the WannaCry attack - which encrypts a user's data and demands a "ransom" be paid electronically to free it up again - slowed to a trickle on Tuesday, with few, isolated examples being reported. In Canada, the Universite de Montreal was hit, with 120 of the French-language university’s 8,300 computers affected, according to a university spokeswoman. There were no new, major incidents in the United States. Fewer than 10 U.S. organizations have reported attacks to the Department of Homeland Security since Friday, a U.S. official told reporters on Tuesday. The attack has caused most damage in Russia, Taiwan, Ukraine and India, according to Czech security firm Avast. The United States likely avoided greater harm as the attack targeted older versions of Microsoft

Police seize servers of Ukrainian software firm after cyber attack

By Jack Stubbs and Pavel Polityuk KIEV (Reuters) - Ukrainian police on Tuesday seized the servers of an accounting software firm suspected of spreading a malware virus which crippled computer systems at major companies around the world last week, a senior police official said. The head of Ukraine's Cyber Police, Serhiy Demedyuk, told Reuters the servers of M.E.Doc - Ukraine's most popular accounting software - had been seized as part of an investigation into the attack. Though they are still trying to establish who was behind last week's attack, Ukrainian intelligence officials and security firms have said some of the initial infections were spread via a malicious update issued by M.E.Doc, charges the company's owners deny. The owners were not immediately available for comment on Tuesday. Premium Service, which says it is an official dealer of M.E.Doc's software, wrote a post on M.E.Doc's Facebook page saying masked men were searching M.E.Doc's offices and that the software firm's servers and services were down. Premium Service could not be reached for further comment. Cyber Police spokeswoman Yulia Kvitko said investigative actions were continuing at M.E.Doc's offices, adding that further comment would be made on Wednesday. The police move came after cyber security investigators unearthed further evidence on Tuesday that the attack had been planned months in advance by highly-skilled hackers, who they said had inserted a vulnerability into the M.E.Doc programme. Ukraine also took steps on Tuesday to extend its state tax deadline by one month to help businesses hit by the malware assault. Researchers at Slovakian security software firm ESET said they had found a "backdoor" written into some of M.E.Doc's software updates, likely with access to the company's source code, which allowed hackers to enter companies' systems undetected. "VERY STEALTHY AND CUNNING" "We identified a very stealthy and cunning backdoor that was injected by attackers

U.S. intelligence officials ‘confident’ Vladimir Putin had direct hand in cyber attacks before the election

U.S. intelligence officials believe that Vladimir Putin was personally involved in the cyber attacks targeting Democrats ahead of the U.S. presidential election, according to a report Wednesday. Officials told NBC News that there is “a high level of confidence” that the Russian president had a direct hand in the operation - and even oversaw how hacked materials were leaked and used. Last week, it was reported that the CIA concluded Russia meddled in the presidential election in an effort to ensure a Donald Trump victory. Now, two senior officials told NBC News that there is solid evidence tying Putin to the plot to harm Hillary Clinton’s chances by leaking embarrassing emails stolen from the Democratic National Committee and Clinton insider John Podesta. In October, the U.S. government formally accused Russia of being behind the espionage, but the extent of Putin’s involvement was not known. The interference began as a “vendetta” against Clinton, but it became something more, experts said. “He wants to discredit American democracy and make us weaker in terms of leading the liberal democratic order,” former U.S. ambassador to Russia Michael McFaul told NBC. “And most certainly he likes President-elect Trump's views on Russia.” The President-elect praised Putin and Russia throughout his campaign and has nominated Rex Tillerson, an ExxonMobil CEO with close business ties to Moscow, to lead the State Department. The White House, meanwhile, is accusing Trump of knowing the Russians were interfering in the election — and doing nothing about it. “There was ample evidence that was known long before the election, and in most cases long before October, about the Trump campaign in Russia, everything from the Republican nominee himself calling on Russia to hack his opponent,” White House press secretary Josh Earnest said at

Hacked! Microsoft, Pinterest, Tumblr and Twitter join Apple, Facebook, as the latest victims of cyber attacks

If the past few weeks have made anything clear, it’s that the Internet is full of hacks. Just days after tech giants Apple and Facebook announced they had been the victims of a sophisticated hacking operation, Microsoft, Pinterest, Tumblr and Twitter said they too had been targeted. “As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion. Consistent with our security response practices, we chose not to make a statement during the initial information gathering process,” Matt Thomlinson, general manager of Microsoft’s Trustworthy Computing Security unit, said in a written statement. “During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.” Pinterest, the social networking site, emailed its users on Friday to inform them that their personal information had been leaked. “We recently learned that the vendor we use to answer support requests and other emails (Zendesk) experienced a security breach,” Pinterest’s warning stated. “We're sending you this email because we received or answered a message from you using Zendesk. Unfortunately your name, email address and subject line of your message were improperly accessed during their security breach.” Tumblr and Twitter also use Zendesk for security. On Thursday, announced that its website had been hacked and infected with malware that could harm the computers of users who visited their site, and as news spread of the latest cyber attacks, Facebook said on Friday that a security hacker had identified a hole in the company’s software that allowed developers to access anyone’s personal page and private data.

Pentagon hacked, 24,000 files stolen by ‘foreign intruders’ in cyber attack

Foreign hackers broke into the Pentagon computer system this spring and stole 24,000 files - one of the biggest cyber-attacks ever on the U.S. military, according to a Department of Defense official. William Lynn, the deputy secretary of defense, acknowledged the brazen theft during a speech on Thursday while detailing a plan to strengthen the country's cyber-security. Lynn would not disclose what kind of files were stolen or what country was behind the attack, which took place sometime in March. But he did say the confidential documents were swiped from a defense industry computer network in a single intrusion. Several cyber-attacks have previously been blamed on China or Russia. American officials fear that a terrorist group - and not a foreign government - will eventually acquire the tools to break into U.S. computer networks. "If a terrorist group gains disruptive or destructive cyber-tools, we have to assume they will strike with little hesitation," Lynn said during his speech at the National Defense University. Lynn said the Defense Department's new strategy involves developing stronger computer networks so officials can continue to operate even if critical systems are taken down. "Our strategy's overriding emphasis is on denying the benefit of an attack," Lynn said, according to the Washington Post. "Rather than rely on the threat of retaliation alone to deter attacks in cyberspace, we aim to change our adversaries' incentives in a more fundamental way. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place." With News Wire Services

Petya attack on TNT Express takes $300 million bite out of FedEx earnings

FedEx on Tuesday reported a $300 million hit to earnings from a cyberattack on subsidiary TNT Express in late June. The impact of Hurricane Harvey and lower-than-expected results at FedEx Ground also contributed to a year-over-year decline in earnings per share, the company said. The company also lowered its earnings forecast for the full year ending next May 31 because of the cyberattack, which hammered worldwide operations of Europe-based TNT Express. The June 27 cyber-attack spread an information technology virus to TNT Express systems through a Ukrainian tax software product. "This was not an ordinary cyberattack," FedEx chief information officer Rob Carter told analysts. "We believe this attack was the result of a nation-state targeting Ukraine and companies that do business there. It is widely believed that these were weaponized cyber tools that were stolen from the U.S. government." Nearly three weeks after the attack, in mid-July, FedEx was still evaluating the attack's financial impact, which was expected to include loss of revenue due to decreased volumes and costs of implementing contingency plans and restoring affected systems. “The first quarter posed significant operational challenges due to the TNT “We are confident of our prospects for long-term profitable growth," Smith continued, "and we reaffirm our commitment to improve operating income at the FedEx Express segment by $1.2 billion to $1.5 billion in fiscal 2020 versus fiscal 2017.” The earnings were significantly lower than the $3.17 a share prediction of analysts surveyed by Zacks Research. Multiple factors affecting earnings: FedEx said results benefited from higher base rates at each transportation segment, but that boost was more than offset by the cyberattack, TNT Express integration expenses, higher costs at FedEx Ground, a higher tax rate and Hurricane Harvey's impact. FedEx services were disrupted after Hurricane Harvey swamped the Texas Gulf Coast in late August. The