CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Justice indicts Russian government officials in giant Yahoo hack

Justice indicts Russian government officials in giant Yahoo hack
March 17, 2017

The Department of Justice announced that four people—including two officers of the Russian Federal Security Service (FSB)—have been indicted in connection with a massive hack of 500 million Yahoo user accounts in 2014, the first U.S. criminal cyber charges ever against Russian government officials. Charges include hacking, wire fraud, trade secret theft and economic espionage. The indictments are part of the largest hacking case brought by the United States, and reflects the U.S. government’s increasing desire to hold foreign governments accountable for malicious acts in cyberspace. The Russian government used the information it obtained to focus on foreign officials, business executives and journalists, federal prosecutors said. Targets included numerous financial executives, officials at an American cloud computing company, an airline executive and a casino regulator in Nevada. The hackers also used the Yahoo data to send spam and steal credit card and gift card information, and sought to break into at least 50 Google accounts, including those of Russian officials and employees of a Russian cybersecurity firm. Although FBI agents have suspected that the Russians have used cyber mercenaries to do their work, this case is among the first in which evidence is offered to show that. The United States does not have an extradition treaty with Russia, but officials have said that filing charges and imposing sanctions can be a deterrent. People sometimes travel to a country that is willing to transfer them to the United States for prosecution. Sources: The Washington Post; The New York Times; CNN

Wish you were here, parents, to check your kids’ Wishbone app

Wishbone, a popular quiz app for kids, tweens and teens has been hacked, involving 2.2 million email addresses, as well as 287,000 phone numbers, many of which are from kids under the age of 18. The app is operated by the incubator Science, and is one of the more popular social networking applications in the United States, currently ranking No. 14 in that category on iTunes. Hackers appear to have accessed a private API to pull information on Wishbone users, including user names, personal names, emails and phone numbers. Source: Tech Crunch

It doesn’t pay to put your life insurance in their hands

Three former Bay Area life insurance agents were convicted of wire fraud and identity theft in a scheme to submit phony applications for policies and split commissions and bonuses. While working for the American Income Life Insurance, they submitted applications for policies on behalf of people who didn’t know that a policy was applied for or issued, or didn’t want a policy. Personal information used to apply for policies was collected by paying recruiters to find people to take medical exams and paying people to participate in a fictitious survey of a medical exam company. Source: The (San Jose, Calif.) Mercury News

Scammers order credit cards in victims’ names, then rob their mailboxes

Queens, New York,  police busted a massive credit card and identity theft ring that duped consumers, banks and retail businesses out of more than $3.5 million. Scammers used forged cards to go on shopping sprees to high-end electronic and fashion stores, purchasing tens of thousands of dollars worth of merchandise. The thieves ordered new credit cards for victims and plucked them out of the cardholders’ mailboxes when they were delivered. Source: The New York Daily News

A spot of good news: IRS says identity theft takes a tumble

The IRS reports that the number of identity theft victims plummeted last year, falling by 46 percent, to 376,000. These taxpayers had their identities stolen by criminals who used their Social Security numbers and birth dates to obtain fraudulent tax refunds. The IRS stopped nearly 1 million fraudulent refunds from being issued last year. They totaled almost $6.6 billion, the agency said. Source: USA Today 

Sound it out: Audio tones can spy on devices

Researchers at the University of Michigan released a paper explaining how audio tones can send false readings to devices through the devices’ accelerometers, the sensors in phones, fitness trackers, and tons of other tech toys that tell our devices where they are in space. Any device with an accelerometer could potentially be vulnerable to this kind of hacking attack. University of Michigan researcher Timothy Trippel said our devices rely on their sensors just like we rely on our ears, eyes and noses. Sending confusing information to those sensors can wreak havoc. Source: CNet

Financial firms bump up their investment in cybersecurity

Banks and other financial institutions spend three times the amount nonfinancial organizations are spending on cybersecurity. According to the Financial Institutions Security Risks research from Kaspersky Lab and B2B International, cybersecurity is a high priority for financial institutions, as they’re coming under increased pressure from the government, top management and customers. Banks are mostly getting ready for more mobile users. More than four in 10 banks predict the overwhelming majority of their customers will be using mobile banking in three years. Source: Beta News

Diplomatic tension leads to spurt of anti-Nazi tweets

A diplomatic spat between Turkey, the Netherlands and Germany spread online when a large number of Twitter accounts were hijacked and replaced with anti-Nazi messages in Turkish. The attacks, using the hashtags #Nazialmanya (NaziGermany) or #Nazihollanda (NaziHolland), took over accounts of high-profile CEOs, publishers, government agencies, politicians and also some ordinary Twitter users. Turkish President Tayyip Erdogan has accused the German and Dutch governments of Nazi-style tactics, drawing protests from both countries, after Turkish government ministers were barred from addressing political rallies there to boost his support among expatriate Turks. Source: Reuters

British seek more insurance coverage for cyber attacks

Britain’s 6 billion pounds ($7.3 billion) terrorism reinsurance fund hopes to extend its cover to include cyber attacks on property, said Julian Enoizi, Pool Re chief executive. The reinsurance company, set up in 1993, acts as a backstop to insurers paying out claims on property damage and business interruption. There have been several cyber attacks on property in recent years. In 2014, a German steel mill suffered damage to the plant’s network from a cyber attack. Enoizi said this and other incidents had been ruled out as terror attacks, but Pool Re needed to be prepared. “Insurance is there for the unimaginable—we’re here to insure the unforeseen,” he said. Source: Insurance Journal

Nintendo Switch hacked nine days after its launch

Well-known iOS and PS4 hacker qwertyoruiop reportedly became the first person to hack a Nintendo Switch, nine days after it launched. The hacker tweaked an old iOS WebKit exploit, removed the iOS-specific code and took advantage of a vulnerability contained within the hidden Switch browser to show how easy it will be to hack the console. Source:

Hacked? Bill would let you hack back

Rep. Tom Graves, R-Georgia, is proposing a bill that would allow a victim of a cyber attack to access the attacker’s computer to gather information about the attack to share with law enforcement or to stop the hacker from continuing to access their network. The Active Cyber Defense Certainty Act would not allow cyber attack victims to destroy any information on their attacker’s network or to otherwise cause a threat to public safety. Source: Think Advisor

Emma Watson is latest to have photos hacked

Emma Watson is taking legal action after private photos of the star allegedly were stolen and leaked online. “Photos from a clothes fitting Emma had with a stylist a couple of years ago have been stolen,” her publicist said. Reports suggest that the pictures have been shared on the so-called Dark Web—an encrypted network not easily accessible by the average user. Source: The Guardian



The post Justice indicts Russian government officials in giant Yahoo hack appeared first on Third Certainty.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started