CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Report: China-tied hackers breached United Airlines

Report: China-tied hackers breached United Airlines
July 29, 2015
The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines. The world’s second-largest airline detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem. The United breach raises the possibility that the hackers now have data on the movements of millions of Americans. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation. Source: Bloomberg Business 

Just the fax, ma’am

Internet activists opposed to a cybersecurity bill are trying to get Congress’ attention the old-fashioned way: by flooding its fax machines. The nonprofit group Fight for the Future set up eight phone lines to convert emails and tweets protesting the Cybersecurity Information Sharing Act into faxes to all 100 U.S. senators. Supporters can fax messages via or with the hashtag #faxbigbrother. The legislation would give tech companies more freedom to collect user data and share it with federal agencies in the name of cybersecurity; the data they share would then be exempt from Freedom of Information Act requests. Source: Time

sh_military base_400

Military grinds its teeth about grid

U.S. military bases are at risk for cyber attacks against their power grid and other utility systems that provide water and other essential services, according to a report on defense infrastructure from the Government Accounting Office. Bases “may be vulnerable to cyber incidents that could degrade operations and negatively impact missions.” Retired Navy Capt. Joe Bouchard, who served as Deputy Senior Director of the National Security Council, says the vulnerability of the military’s industrial control systems has been well known for more than a decade. “Eventually, the problem will be corrected,” he said. “The problem is, there’s going to be a lot of opportunity in the meantime for a sophisticated cyber attack to cause many serious problems for the grid that could negatively impact military bases and that is a very serious national security problem.” Source: WVEC, Norfolk, Va.

Not quite meeting their claims

Credit monitoring and identity-theft protection, services often presented as a remedy for breaches that expose sensitive information, are far from cure-alls. Some security experts and the government question the utility and security of such services, suggesting that signing up for a protection program is not enough to safeguard customers’ identity. Costis Toregas, associate director of the Cyber Security Policy and Research Institute at George Washington University, said the allegations of security shortcomings are not new. “It doesn’t surprise me, because we know that companies whose job it is to secure data are themselves vulnerable,” Toregas said. “Everything is hackable. They should be very, very careful of their promises.” Source: National Journal

sh_restaurant check_400

Table for more than one

Heffernan Insurance Brokers is adding a cyber insurance program that offers a customized solution for data security and other risks that restaurants face. The program, endorsed by Golden Gate Restaurant Association, provides coverage for claims brought against restaurant owners as a result of a data breach, as well as coverage for some direct costs incurred from responding to a breach, regardless of whether a claim is ever brought. “We have seen a dramatic increase in cyber-attacks in the restaurant industry, and we are thrilled to offer restaurant owners a way to protect their business from the continual risk of data breaches,” said Heffernan ‘s Amy Vitarelli. Source: PR Newswire

They want to be a part of it

New York magazine says a hacker’s claim that its website was taken down by a pseudonymous assailant known as “ThreatKing” may be true. “We believe the outage was the result of a deliberate attack on our site,” said the magazine’s Lauren Starke. The attack hit at an inopportune time, as the magazine had posted a cover story with testimony from 35 women who recounted tales of assault at the hands of comedian Bill Cosby. The story quickly garnered national attention from news outlets. Meanwhile, hackers claimed the launch of a denial of service attack on the site, flooding it with server traffic to make the site unavailable. Source: Poynter

sh_life preserver_400

Filing a pool report

A public-private cyber catastrophe reinsurance scheme would improve U.K. cyber resilience, says a Long Finance report by Z/Yen Group, co-sponsored by APM Group. A plan along the same lines as the U.K.’s state-backed Pool Re scheme for terrorism cover also would boost U.K. competitiveness as an attractive economy for cyber business, the report said. “The report highlights the need to be prepared, and reinsurance is a key part of that preparedness,” said Michael Mainelli, Z/Yen Group executive chairman. “The insurance industry works very well at pooling small risks and avoidance of fairly significant risk with government support, but the whole area of very high-severity and very high-frequency risk is an area that government reinsurance is required for,” he said. Source: Computer Weekly

Not as secure as you might think

Sensitive work environments, such as nuclear power plants, will block computers from the Internet and ban workers from inserting USB sticks into computers. When the work is classified or involves sensitive trade secrets, companies won’t allow smartphones into the workspace. But researchers in Israel have devised a method for stealing data that bypasses traditional protections using the global system for mobile communications network, electromagnetic waves and a basic low-end mobile phone. The researchers say it serves as a warning to defense companies and others that they need to immediately “change their security guidelines and prohibit employees and visitors from bringing devices capable of intercepting RF signals,” says Yuval Elovici, director of the Cyber Security Research Center at Ben-Gurion University of the Negev. Source: Wired

sh_cyber arms dealer_400

Weapons sales of a different sort

Former small arms dealer Ori Zoller is working as a cyber arms dealer, supplying the government of Honduras with powerful surveillance tools used to spy on computers and cell phones. The revelations are contained in the internal files and emails from Hacking Team, an Italian company that sold spyware to repressive regimes and law enforcement agencies. The Hacking Team files were dumped on the Web by an anonymous source. Zoller, a former member of the Israeli special forces, acted as the middleman for Hacking Team to sell its surveillance equipment to the Honduran government, according to Hacking Team records. The records show the Hondurans paid at least $355,000 for the software, which is used to seize control of a target’s computer or cell phone, with the ability to track an individual’s movements, log their keystrokes, and even activate their computer camera. Source: First Look

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started