Daily Archives: April 15, 2016

Russian cyber criminal targets elite Chicago law firms

A Russian cyber criminal has targeted nearly 50 elite law firms, including four in Chicago, to collect confidential client information for financial gain.

The mastermind, a broker named “Oleras” living in Ukraine, has been attempting since January to hire hackers to break into the firms’ computer systems so he can trade on insider information, according to a Feb. 3 alert from Flashpoint, a New York threat intelligence firm.

Kirkland & Ellis, Sidley Austin, McDermott Will & Emery and Jenner & Block all were listed on a spreadsheet of potential marks. It named 46 of the country’s largest law firms, plus two members of the UK’s Magic Circle.

A spokeswoman for Flashpoint said the firm had notified law enforcement and declined to comment further.

The FBI was investigating as of March 4, when it published its own industry alert detailing the threat. The agency’s press office did not return a message seeking comment.

Kirkland was aware of the threat, and no client data was accessed, the firm’s chief information officer, Dan Nottke, said in an email. The firm subscribes to several security information-sharing services, including ones operated by the FBI and the Financial Services Information Sharing and Analysis Center, the cybersecurity information clearinghouse for the financial services industry.

Spokesmen for McDermott and Jenner declined to comment. Messages to Sidley seeking comment were not returned.

Law firms have largely trailed their clients in confronting the possibility of hackers accessing their networks for illegal profit. Though they hold vast repositories of confidential information, many firms are slow to adopt up-to-date defenses against malware and spyware, said Jay Kozie, principal at Keno Kozie Associates, a Chicago-based law firm technology consultancy.

“I’ve always been surprised, frankly, that the law firms have not been more aggressively targeted in the past,” he said. “If you’ve got confidential information about a merger or a patent, it’s going to be very valuable.”

In this latest scheme, Oleras posted on a cyber criminal forum a plan to infiltrate the law firms’ networks, then use keywords to locate drafts of merger agreements, letters of intent, confidentiality agreements and share purchase agreements. The list of targeted law firms also included names, email addresses and social media accounts for specific employees at the firms.

“Overall, Oleras wanted to know in advance which companies were going to be merged with the help of the stolen law firm documents and subsequently leverage this information to execute algorithmic insider trading activities,” the Flashpoint alert says, with the money then laundered through front companies in Belize and Cypriot bank accounts.

The broker hoped to recruit a black-hat hacker to handle the job’s technical aspects for $100,000, plus another 45,000 rubles (about $564). He offered to split the proceeds of any insider trading 50-50 after the first $1 million.

On Feb. 22, another Flashpoint alert noted that Oleras had singled out eight lawyers from top firms, including one from Kirkland’s management committee, for a sophisticated phishing attack. The phishing email appeared to originate from an assistant at trade journal Business Worldwide and asked to profile the lawyer for excellence in M&A.

Targeted Firms
A Russian cyber criminal has targeted 48 law firms, including four in Chicago.

Firm
Akin Gump Strauss Hauer & Feld
Allen & Overy
Baker & Hostetler
Baker Botts
Cadwalader Wickersham & Taft
Cleary Gottlieb Steen & Hamilton
Covington & Burling
Cravath Swaine & Moore
Davis Polk & Wardwell
Debevoise & Plimpton
Dechert
DLA Piper
Ellenoff Grossman & Schole
Freshfields Bruckhaus Deringer
Fried Frank Harris Shriver & Jacobson
Gibson Dunn & Crutcher
Goodwin Procter
Hogan Lovells
Hughes Hubbard & Reed
Jenner & Block
Jones Day
Kaye Scholer
Kirkland & Ellis
Kramer Levin Naftalis & Frankel
Latham & Watkins
McDermott Will & Emery
Milbank Tweed Hadley & McCloy
Morgan Lewis & Bockius
Morrison & Foerster
Nixon Peabody
Paul Hastings
Paul Weiss Rifkind Wharton & Garrison
Pillsbury Winthrop Shaw Pittman
Proskauer Rose
Ropes & Gray
Schulte Roth & Zabel
Seward & Kissel
Shearman & Sterling
Sidley Austin
Simpson Thacher & Bartlett
Skadden Arps Slate Meagher & Flom
Sullivan & Cromwell
Vinson & Elkins
Wachtell Lipton Rosen & Katz
Weil Gotshal & Manges
White & Case
Willkie Farr & Gallagher

Source: Flashpoint Feb. 3 email alert

Microsoft sues U.S. government over data requests

An important case to pay attention to:

SAN FRANCISCO (Reuters) – Microsoft Corp (MSFT.O) has sued the U.S. government for the right to tell its customers when a federal agency is looking at their emails, the latest in a series of clashes over privacy between the technology industry and Washington.

The lawsuit, filed on Thursday in federal court in Seattle, argues that the government is violating the U.S. Constitution by preventing Microsoft from notifying thousands of customers about government requests for their emails and other documents.

The government’s actions contravene the Fourth Amendment, which establishes the right for people and businesses to know if the government searches or seizes their property, the suit argues, and Microsoft’s First Amendment right to free speech.

The Department of Justice is reviewing the filing, spokeswoman Emily Pierce said.

Microsoft’s suit focuses on the storage of data on remote servers, rather than locally on people’s computers, which Microsoft says has provided a new opening for the government to access electronic data.

Using the Electronic Communications Privacy Act (ECPA), the government is increasingly directing investigations at the parties that store data in the so-called cloud, Microsoft says in the lawsuit. The 30-year-old law has long drawn scrutiny from technology companies and privacy advocates who say it was written before the rise of the commercial Internet and is therefore outdated.

“People do not give up their rights when they move their private information from physical storage to the cloud,” Microsoft says in the lawsuit. It adds that the government “has exploited the transition to cloud computing as a means of expanding its power to conduct secret investigations.”

SURVEILLANCE BATTLE

The lawsuit represents the newest front in the battle between technology companies and the U.S. government over how much private businesses should assist government surveillance.

By filing the suit, Microsoft is taking a more prominent role in that battle, dominated by Apple Inc (AAPL.O) in recent months due to the government’s efforts to get the company to write software to unlock an iPhone used by one of the shooters in a December massacre in San Bernardino, California.

Apple, backed by big technology companies including Microsoft, had complained that cooperating would turn businesses into arms of the state.

“Just as Apple was the company in the last case and we stood with Apple, we expect other tech companies to stand with us,” Microsoft’s Chief Legal Officer Brad Smith said in a phone interview after the suit was filed.

One security expert questioned Microsoft’s motivation and timing. Its lawsuit was “one hundred percent motivated by business interests” and timed to capitalize on new interest in customer privacy issues spurred in part by Apple’s dispute, said D.J. Rosenthal, a former White House cyber security official in the Obama administration.

As Microsoft’s Windows and other legacy software products are losing some traction in an increasingly mobile and Internet-centric computing environment, the company’s cloud-based business is taking on more importance. Chief Executive Satya Nadella describes Microsoft’s efforts as “mobile first, cloud first.”

Its customers have been asking the company about government surveillance, Smith said, suggesting that the issue could hurt Microsoft’s ability to win or keep cloud customers.

In its complaint, Microsoft says over the past 18 months it has received 5,624 legal orders under the ECPA, of which 2,576 prevented Microsoft from disclosing that the government is seeking customer data through warrants, subpoenas and other requests. Most of the ECPA requests apply to individuals, not companies, and provide no fixed end date to the secrecy provision, Microsoft said.

Microsoft and other companies won the right two years ago to disclose the number of government demands for data they receive. This case goes farther, requesting that it be allowed to notify individual businesses and people that the government is seeking information about them.

Increasingly, U.S. companies are under pressure to prove they are helping protect consumer privacy. The campaign gained momentum in the wake of revelations by former government contractor Edward Snowden in 2013 that the government routinely conducted extensive phone and Internet surveillance to a much greater degree than believed.

Late last year, after Reuters reported that Microsoft had not alerted customers, including leaders of China’s Tibetan and Uighur minorities, that their email was compromised by hackers operating from China, Microsoft said publicly it would adopt a policy of telling email customers when it believed their email had been hacked by a government.

The company’s lawsuit on Thursday comes a day after a U.S. congressional panel voted unanimously to advance a package of reforms to the ECPA.

Last-minute changes to the legislation removed an obligation for the government to notify a targeted user whose communications are being sought. Instead, the bill would require disclosure of a warrant only to a service provider, which retains the right to voluntarily notify users, unless a court grants a gag order.

It is unclear if the bill will advance through the Senate and become law this year.

Separately, Microsoft is fighting a U.S. government warrant to turn over data held in a server in Ireland, which the government argues is lawful under another part of the ECPA. Microsoft argues the government needs to go through a procedure outlined in a legal-assistance treaty between the U.S. and Ireland.

Twitter Inc (TWTR.N) is fighting a separate battle in federal court in Northern California over public disclosure of government requests for information on users.

The case is Microsoft Corp v United States Department of Justice et al in the United States District Court, Western District of Washington, No. 2:16-cv-00537.

Who is responsible for your cloud application breach?

Cloud application security has become a big concern lately because of several data breaches involving cloud services, such as the iCloud hack, Target, Home Depot and the United States Internal Revenue system. This raises the question: where does responsibility for application security lie?
Is it with the vendor, or with the company or person using the services? The answer is both. The vendor of the cloud application services covers only the server side; the client side still needs security, which people and companies mostly overlook.
Client-side application security is of the utmost importance, because server-side security alone is not enough to protect the application from breaches.
The security threats that pose the greatest danger to cloud application security are as follows:

  • Data Breaches
  • Account Hijacking
  • Compromised Credentials
  • Permanent Data Loss
  • Shared Technologies
  • Cloud Service Abuse
  • Hacked Interface and API

Data Breaches

This is one of the biggest threats to cloud services because of the vast amount of data stored on cloud servers. The sensitivity of the data is easy to imagine: the cloud stores the financial and personal details of millions of people. If this vast amount of data is breached, it will cause the downfall of the company and threaten the lives of the people exposed by the breach.

Account Hijacking

This attack has been around for quite a long time; it includes fraud, phishing, software exploits and so on. Using these kinds of attacks, cloud services can be compromised, which can lead to launching other attacks, changing account settings, manipulating transactions, and uploading malware and illegal content.

Compromised Credentials

Credentials are generally compromised because of weak passwords, casual authentication, or poor key or certificate management. Identity and access management also becomes a problem when user access is not changed along with job role and responsibilities, or when the user leaves the organization.
Embedding credentials and cryptographic keys in source code and leaving them in online repositories such as GitHub also creates a big vulnerability that can be exploited easily. Aligning identity with the cloud provider requires an understanding of the security measures taken into account.
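
To catch embedded credentials before they reach a repository, source text can be scanned at commit time. The following is an added example, not part of the original post: the rule names, patterns and entropy threshold are illustrative assumptions, and the sample input is constructed.

```python
import math
import re

# Illustrative rules (assumptions, not a complete rule set).
# The named group "val" captures the candidate secret.
RULES = [
    ("aws_access_key_id", re.compile(r"\b(?P<val>AKIA[0-9A-Z]{16})\b")),
    ("private_key_block",
     re.compile(r"(?P<val>-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)")),
    ("assigned_secret", re.compile(
        r"(?:password|passwd|secret|token|api_?key)\w*\s*[:=]\s*"
        r"[\"'](?P<val>[^\"']{8,})[\"']", re.IGNORECASE)),
]

def shannon_entropy(s):
    """Bits per character; placeholders such as 'changeme' score low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan(text, min_entropy=3.0):
    """Return (line_no, rule, redacted_value) for each likely hardcoded secret."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, pat in RULES:
            m = pat.search(line)
            if not m:
                continue
            val = m.group("val")
            # The entropy gate applies only to the generic assignment rule,
            # which would otherwise flag placeholder values.
            if name == "assigned_secret" and shannon_entropy(val) < min_entropy:
                continue
            findings.append((no, name, val[:4] + "..."))  # never echo the secret
            break
    return findings

# Constructed sample file; none of these values are real credentials.
SAMPLE = "\n".join([
    'import os',
    'DB_PASSWORD = "changeme"',                 # placeholder: low entropy, skipped
    'db_password = os.environ["DB_PASSWORD"]',  # read from environment: no match
    'API_TOKEN = "q7Zp2LxV9mK4tR8wB1nC"',       # flagged
    'aws_key = "AKIAQ7ZP2LXV9MK4TR8W"',         # flagged
    '-----BEGIN RSA PRIVATE KEY-----',          # flagged
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run as a pre-commit hook or in CI, a non-empty result from `scan` should block the commit; a secret that has already been pushed must be rotated, since it remains in the repository history.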

Permanent Data Loss

Malicious hackers have in the past gained access to cloud services and permanently deleted data, affecting the business. Cloud data centers are also vulnerable to natural disasters, which can wipe out the data stored on the cloud.
If the user encrypts the data before uploading it to the cloud and loses the key, the data is lost. Client-side protection of data should therefore be well managed and maintained. Permanent data loss can lead to financial crisis and disruption of the working system.

Shared Technologies

Cloud service providers share infrastructure, platforms and applications from different sources, so any reconfiguration or vulnerability in these layers affects the users and, depending on the potential of the vulnerability, can lead to compromise of the users' systems as well as the cloud.
Security at the cloud server side alone is therefore not the only issue; security has to be maintained broadly, across all aspects of the cloud environment. The client side also needs to be secured, because attacks are also possible from the client side when security measures are weak or absent.

Cloud Service Abuse

Cloud applications are breached to gain a commanding position in the cloud, where the resources can be used for malicious purposes such as launching DDoS attacks, sending bulk spam and phishing emails, breaking an encryption key or hosting malicious content.
This abuse may make the services unavailable or cause the loss of users' data stored on the cloud, so it is very necessary to secure applications against abuse.

Hacked Interface and API

To build applications, developers now use ready-made interfaces and APIs to simplify their work, but these APIs and interfaces tend to be the most exposed part of the system because they are freely available on the internet.
Almost every cloud service and application now offers an API, and IT teams use these interfaces to interact with cloud services for management, provisioning, monitoring and so on. The level of threat to cloud services thus increases manifold. This requires rigorous code reviews and penetration testing to secure the application and services.

Conclusion

As we have seen, there are many ways the data you store in the cloud can be breached, given the importance of that data. Your data therefore cannot be secured by the cloud service provider alone; a great deal of work is required on the client side to protect the application and data from outside security threats. Security audits should therefore be done to secure your precious data from threats.