Category Archives: Security

Latest Ransomware Hackers Didn’t Make WannaCry’s Mistakes: PETYA

Posted on June 28, 2017 | Leave a comment

PETYA RANSOMWARE

The latest sweeping ransomware assault bares some similarity to the WannaCry crisis that struck seven weeks ago. Both spread quickly, and both hit high-profile targets like large multinational companies and critical infrastructure providers. But while WannaCry’s many design flaws caused it to flame out after a few days, this latest ransomware threat doesn’t make the same mistakes.

Originally identified as Petya, a ransomware that first started circulating in 2016, the current attack now appears to be a Petya offshoot, with added refinements such as stronger encryption. Some researchers call this new iteration “NotPetya” or “GoldenEye,” while others still refer to it as Petya. Regardless of the name, it has already hit 2,000 targets, seizing the systems of high-profile victims like Danish shipping giant Maersk, US pharmaceutical company Merck, and multiple private and public institutions in Ukraine.

And while it owes its rapid spread in part to EternalBlue, the same stolen NSA exploit WannaCry leveraged, it lacks several of the traits that made WannaCry—which turned out to be an unfinished North Korean project gone awry—easier to stop.

WannaBreak

“The quality of the code improves from iteration to iteration—this GoldenEye ransomware is pretty solid,” says Bogdan Botezatu, a researcher at the security firm Bitdefender. “We don’t get to catch a break.”

The most important WannaCry pitfall that this current round sidesteps? A kill switch that allowed researchers to neuter the ransomware around the world and drastically reduce the spread. The mechanism was a low-quality, possibly unfinished feature meant to help the ransomware avoid analysis. It backfired spectacularly. So far, GoldenEye shows no signs of containing such a glaring error.

Additionally, WannaCry spread between networks across the internet like a worm, relying almost entirely on EternalBlue to get in and hitting systems that hadn’t yet downloaded Microsoft’s patch for that vulnerability. This new ransomware also targets devices that somehow still aren’t secured against EternalBlue, but can deploy other infection options as well. For example, the attackers seem to be spreading the ransomware through the software update feature of a Ukrainian program called MeDoc, and possibly through Microsoft Word documents laced with malicious macros.

Along with exploiting EternalBlue to gain access when possible, the ransomware can also leverage an additional Shadow Brokers-leaked NSA exploit known as EternalRomance (patched by Microsoft in March) for  remote access. And some researchers have also found unconfirmed evidence that the ransomware may take advantage of yet another tool published by the ShadowBrokers, known as EsteemAudit, that specifically targets computers running Windows XP and Windows Server 2003. Microsoft patched that vulnerability two weeks ago as part of its unprecedented effort to secure its old, unsupported operating systems against leaked NSA exploits.

Once inside the network, the ransomware steals administrative credentials, giving it control over powerful system management tools like Windows PsExec and Windows Management Instrumentation.

“If a system with enough administrative privileges is compromised, it will simply instruct all other PCs it has access to run the malware as well,” says Fabian Wosar, a security researcher at the defense firm Emsisoft, which specializes in malware and ransomware. “That is why a lot of system administrators are freaking out right now.”

Smarts, Not Scale

Because GoldenEye appears to take a more targeted approach to infection, rather than barreling around the internet, it has so far resulted in fewer infections: it has affected 2,000 targets versus the hundreds of thousands that WannaCry hit. But don’t read that as a weakness necessarily. WannaCry’s ability to spread over the internet led to out-of-control infections, and its creators were ill-equipped to handle that volume of potential payments.

In fact, WannaCry hackers proved incapable of tracking payments whatsoever. Attackers had victims send ransoms to one of four set bitcoin addresses, instead of assigning each target a unique address. This made incoming payments difficult to track, and left it to the criminals to figure out which victims (among hundreds of thousands) had paid and should be sent a decryption key.

Payment happens to be GoldenEye’s current weakness as well, though not due to WannaCry-level incompetence. It relies on manual payment validation, meaning that when victims pay the ransom they must email proof of payment to an email address, after which hackers send a decryption key. Not only does a manual system make it harder for attackers to get paid, it can reduce victim faith that paying the ransom will result in decryption.

Also? The hackers’ email provider, Posteo, pulled the plug on their account, making payment confirmation pretty much impossible.

No Easy Fix

This latest round of ransomware appears to be here to stay. The diversity of delivery options means that no single patch can necessarily provide complete protection against it. Still, administrators can take some steps to protect their systems. Analysts agree that while patches don’t solve everything in this situation, they are still crucially important and do offer real defense. “Very, very important to patch,” says MalwareHunter, a researcher with the MalwareHunterTeam analysis group.

Researchers also note that the ransomware runs on boot, meaning that if you can disrupt a system before Windows boots, or if you encounter a “Check Disk” message, you can avoid having your files encrypted by quickly powering down.

Additionally, for the current variant of ransomware, administrators can stop the spread within a network from the Windows Management Instrumentation by blocking the file C:\Windows\perfc.dat from running.

“The problem is, patching is only one method of defense,” says David Kennedy, CEO of threat detection firm Binary Defense. “Credential harvesting and using that for lateral movement was the big impact in this situation.”

All of which provides cold comfort for those already impacted. And based on how many companies ignored the EternalBlue patch, even after the WannaCry threat, it may not end up slowing down the current outbreak at all.

First place to start make sure your systems have the latest patches and updates !!!

Leave a comment

Posted in Cyber Security, Encryption, Hacking, Security

Tagged , ,

CoPilot settles with New York AG for delaying breach notification for over one year

Posted on June 19, 2017 | Leave a comment

This is only the beginning of what will happen in the future.

It took over a year to notify 220,000 individuals of a breach to its website. HHS is determining if it’s a HIPAA-covered business associate.

CoPilot Provider Services has settled with New York for $130,000 in penalties for waiting more than a year to notify its customers of a breach to the company’s website, NY Attorney General Eric Schneiderman announced Thursday.

The attorney general determined the healthcare administrative services and IT provider violated general business law, in its delayed breach notification to its 221,178 customers. CoPilot agreed to the monetary settlement and to reform its notification and legal compliance program.

The breach occurred in October 2015, when an unauthorized individual accessed confidential patient reimbursement data through the administration site. The hacker downloaded data that included names, birthdates, addresses, phone numbers and medical insurance card details.

However, CoPilot waited until January 2017 to begin formally notifying its customers of the breach.

The FBI began investigating the incident in February at CoPilot’s request, focusing on a former employee they believed was responsible.

CoPilot blamed the breach notification delay on the FBI investigation, but law enforcement didn’t say that customer notification would hinder the ongoing investigation and didn’t instruct CoPilot to delay. General business law instructs that companies must provide timely breach notification.

The Department of Health and Human Services is still looking into whether CoPilot is considered a covered business associate under HIPAA.

Thursday’s agreement also states that CoPilot will comply with New York’s consumer protection and data security laws.

“Healthcare services providers have a duty to protect patient records as securely as possible and to provide notice when a breach occurs,” said Schneiderman in a statement. “Waiting over a year to provide notice is unacceptable. My office will continue to hold businesses accountable to their responsibility to protect customers’ private information.”

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Security

Tagged , ,

Data security – should you care?

Posted on June 15, 2017 | Leave a comment

Daily there are new articles that talk about data breaches, cyber attacks, ransom ware, etc. We all panic when our networks are down for routine maintenance – “I don’t have anything to do!” Imagine a world where everything is driven by data and machines?

Today a data breach can be uncomfortable – personal information is shared with the wrong people. However, in years to come a data breach can mean the difference between life and death. Imagine cruising down the freeway in your autonomous driving car and the system is hacked and your car stops abruptly, but other cars do not. Imagine being on the operating table and having a robot operating on you, the system is breached and instead of taking out your appendix the bad guys makes it remove your spleen or worse – kill you.

In the years to come we all need to get a lot more educated about data security and how to avoid breaches. This applies in both our personal and professional lives. We need to ask questions of organizations we provide data to and consume data from – how well are they performing and how vested are they in keeping us safe.

Data security needs to move into mainstream conversations and be an integral part of any security initiative.

Leave a comment

Posted in Big Data, Cyber Security, Security

Tagged ,

Cybersecurity for CEOs: The Game Has Changed

Posted on June 12, 2017 | Leave a comment

I’m honored and humbled that my colleagues have asked me to join them to speak on a panel Cybersecurity for CEO’s “The Game Has Changed” Atlanta Georgia World Conference Center June 21-24 for National Apartment Association.

https://www.naahq.org/education-conference/education

Leave a comment

Posted in Cyber Security, Security

Tagged

Chipotle says hackers hit most restaurants in data breach

Posted on May 30, 2017 | Leave a comment

Hackers used malware to steal customer payment data from most of Chipotle Mexican Grill Inc’s (CMG.N) restaurants over a span of three weeks, the company said on Friday, adding to woes at the chain whose sales had just started recovering from a string of food safety lapses in 2015.

Chipotle said it did not know how many payment cards or customers were affected by the breach that struck most of its roughly 2,250 restaurants for varying amounts of time between March 24 and April 18, spokesman Chris Arnold said via email.

A handful of Canadian restaurants were also hit in the breach, which the company first disclosed on April 25.

Stolen data included account numbers and internal verification codes. The malware has since been removed.

The information could be used to drain debit card-linked bank accounts, make “clone” credit cards, or to buy items on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the non-profit Privacy Rights Clearinghouse.

The breach could once again threatens sales at its restaurants, which only recently recovered after falling sharply in late 2015 after Chipotle was linked to outbreaks of E. coli, salmonella and norovirus that sickened hundreds of people.

An investigation into the breach found the malware searched for data from the magnetic stripe of payment cards.

Arnold said Chipotle could not alert customers directly as it did not collect their names and mailing addresses at the time of purchase.

The company posted notifications on the Chipotle and Pizzeria Locale websites and issued a news release to make customers aware of the incident.

Linn Freedman, an attorney at Robinson & Cole LLP specializing in data breach response, said Chipotle was putting the burden on the consumer to discover possible fraudulent transactions by notifying them through the websites.

“I don’t think you will get to all of the customers who might have been affected,” she said.

Security analysts said Chipotle would likely face a fine based on the size of the breach and the number of records compromised.

“If your data was stolen through a data breach that means you were somewhere out of compliance” with payment industry data security standards, Julie Conroy, research director at Aite Group, a research and advisory firm.

“In this case, the card companies will fine Chipotle and also hold them liable for any fraud that results directly from their breach,” said Avivah Litan, a vice president at Gartner Inc (IT.N) specializing in security and privacy.

Chipotle did not immediately comment on the prospect of a fine.

Retailer Target Corp (TGT.N) in 2017 agreed to pay $18.5 million to settle claims stemming from a massive data breach in late 2013.

Hotels and restaurants have also been hit. They include Trump Hotels, InterContinental Hotels Group (IHG.L) as well as Wendy’s (WEN.O), Arby’s and Landry’s restaurants.

Shares in Chipotle Mexican Grill ended marginally lower at $480.15 on Friday following the announcement.

 

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Security

Tagged ,

Homeland Security Issues Warning on Cyberattack Campaign

Posted on May 10, 2017 | Leave a comment

The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems.

The alert notes that DHS’ National Cybersecurity and Communications Integration Center “has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including information technology, energy, healthcare and public health, communications and critical manufacturing.”

Mac McMillan, president of the security consulting firm CynergisTek, says the threat is serious. “These attacks could lead to full network compromise, long-term undetected attacks, and compromise/exploitation of systems and data, essentially putting both operations and patient safety at risk,” he says.

The April 27 alert, which was updated on May 2, says preliminary analysis has found that threat actors appear to be leveraging stolen administrative credentials – local and domain – and certificates.

“Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments,” the alert notes. “Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.”

Under Investigation

DHS says the activity is still under investigation. “The threat actors in this campaign have been observed employing a variety of tactics, techniques, and procedures,” according to the alert. “The actors use malware implants to acquire legitimate credentials then leverage those credentials to pivot throughout the local environment. NCCIC is aware of several compromises involving the exploitation of system administrators’ credentials to access trusted domains as well as the malicious use of certificates.”

Additionally, the adversary makes heavy use of PowerShell and the open source PowerSploit tool to enable assessment, reconnaissance, and lateral movement, the alert notes.

“Command and control primarily occurs using RC4 cipher communications over port 443 to domains that change IP addresses. Many of these domains spoof legitimate sites and content, with a particular focus on spoofing Windows update sites. Most of the known domains leverage dynamic DNS services, and this pattern adds to the complexity of tracking this activity.”

In addition to leveraging user impersonation via compromised credentials the attackers are using malware implants left behind on key relay and staging machines, the alert states. “In some instances, the malware has only been found within memory with no on-disk evidence available for examination. To date, the actors have deployed multiple malware families and variants, some of which are currently not detected by anti-virus signatures. The observed malware includes PLUGX/SOGU and RedLeaves.”

The attackers have modified the malware to “improve effectiveness and avoid detection by existing signatures,” the alert notes.

DHS warns successful network intrusion involving these attacks could result in temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files and potential harm to an organization’s reputation.

Earlier Warning

The DHS alert follows a blog posted in early April by researchers at BAE Systems and PwC about the firms’ investigation into a campaign of intrusions against several major managed services providers.

“These attacks can be attributed to the actor known as APT10 – a.k.a. CVNX, Stone Panda, MenuPass, and POTASSIUM,” the blog states. “Their activity seems to have increased in mid-2016, and has focused on compromise of MSPs as a stepping stone into victim organizations.”

APT10 is a Chinese cyber espionage group that the security firm FireEye has been tracking since 2009.

The blog from BAE and PwC notes that the current campaign linked to APT10 can be split into two sets of activity: Attacks targeting MSPs, engineering and other sectors with common as well as custom malware, and attacks targeting Japanese organizations with the ‘ChChes’ malware.

The attacks linked to APT10 targeting managed services providers use a custom dropper for their various implants, the researchers note. “This dropper makes use of dynamic-link library side-loading to execute the main payload.” The researchers write their analysis shows the attackers have used several payloads, including:

  • PlugX, a well-known espionage tool in use by several threat actors;
  • RedLeaves, a newly developed, fully-featured backdoor, first used by APT10 in recent months.

“Whilst these attackers have skill, persistence, some new tools and infrastructure – there is nothing about the techniques themselves that should make this hard to detect or mitigate. The lessons learned from these incidents should be used as an opportunity for security improvements for both MSPs and their customers,” the blog says.

DHS in its alert notes: “All organizations that provide IT services as a commodity for other organizations should evaluate their infrastructure to determine if related activity has taken place. Active monitoring of network traffic for the indicators of compromise … as well as behavior analysis for similar activity, should be conducted to identify command and control traffic.”

In addition, DHS notes, “Frequency analysis should be conducted at the lowest level possible to determine any unusual fluctuation in bandwidth indicative of a potential data exfiltration. Both management and client systems should be evaluated for host indicators provided.”

Precautionary Moves

McMillan suggests that healthcare entities take steps to prevent falling victim to these attacks.

“Healthcare organizations should ensure that their service provider is actually looking for the indicators,” he says. “Within their own network they should be assessing for the presence of the detailed indicators in the NCCIC report. If an indicator of compromise is detected they should take appropriate action to remediate and reach out to NCCIC for assistance and further details. Secondarily, they should be reviewing the service provider contracts to ensure the vendor is monitoring actively.”

About the Author:

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Marianne Kolbasuk McGee is executive editor of Information Security Media Group’s HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek’s healthcare IT media site.

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Security

Tagged ,

Google Docs users hit with sophisticated phishing attack in their inboxes

Posted on May 4, 2017 | Leave a comment

Google said it was investigating an email scam winding its way through inboxes across the country and had disabled the accounts responsible for the spam.

The scheme emerged Wednesday afternoon, when spammers dispatched malicious email, appearing to come from people the recipients knew, beckoning them to click on what appeared to be a shared Google document.

Recipients who clicked on the links were prompted to give the sender access to their Google contact lists and Google Drive. In the process, victims allowed spammers to raid their contact lists and send even more email.

“We are investigating a phishing email that appears as Google Docs,” Google said statement posted on Twitter. “We encourage you to not click through and report as phishing within Gmail.”

It is not clear who created the spam email or how many people it has affected.

In a second statement, on Wednesday evening, Google said that it had disabled the accounts responsible for the spam, updated its systems to block it and was working on ways to prevent such an attack from recurring.

If you receive suspicious email, here are some tips:

1. Do not click, even when the email is from your mother.

Even when you receive links from trusted contacts, be careful what you click. Spammers, cybercriminals and, increasingly, nation-state spies are resorting to basic email attacks, known as spear phishing, which bait victims into clicking on links that download malicious software, or lure them into turning over their user names and passwords.

A quarter of phishing attacks studied last year by Verizon were found to be nation-state spies trying to gain entry into their target’s inboxes, up from the 9 percent of attacks reported in 2016.

In this case, the malicious emails all appeared to come from a contact, but were actually from the address “hhhhhhhhhhhhhhhh@mailinator.com” with recipients BCCed.

2. Turn on multifactor authentication.

Google and most other email, social media and banking services offer customers the ability to turn on multifactor authentication. Use it. When you log in from an unrecognized computer, the service will prompt you to enter a one-time code texted to your phone. It is the most basic way to prevent hackers from breaking into your accounts with a stolen password.

3. Shut it down.

If you accidentally clicked on the Google phishing attack and gave spammers third-party access to your Google account, you can revoke their access by following these steps:
https://myaccount.google.com/permissions

Revoke access to “Google Docs” (the app will have access to contacts and drive).

4. Change your passwords … again.

If you’ve been phished, change your passwords to something you have never used before. Ideally, your passwords should be long and should not be words that could be found in a dictionary. The first things hackers do when breaking into a site is use computer programs that will try every word in the dictionary. Your email account is a ripe target for hackers because your inbox is the key to resetting the passwords of, and potentially breaking into, dozens of other accounts.

Make your password long and distinctive at least 12 characters. Security specialists advise creating acronyms based on song lyrics, movie quotations or sayings. For example, “StarWars” becomes !!$t@r|W@rz!!

5. Report it.

Report any phishing attacks to Google by clicking the downward arrow at the top right of your inbox and selecting “Report Phishing.” Companies count on those reports to investigate such scams and stop them.

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Security

Tagged ,

Chipotle says payment system was hacked

Posted on April 26, 2017 | Leave a comment

Unauthorized activity detected from March 24 through April 18

Chipotle Mexican Grill Inc. said on Tuesday that it detected unauthorized activity on its payment system this spring.

The company did not have details about the extent of the hack, and how many restaurants or customers could have been affected. CFO Jack Hartung said during the company’s earnings call on Tuesday that the hack affected the company’s credit card systems from March 24 through April 18.

Chipotle Mexican Grill Inc. said on Tuesday that it detected unauthorized activity on its payment system this spring.

The company did not have details about the extent of the hack, and how many restaurants or customers could have been affected. CFO Jack Hartung said during the company’s earnings call on Tuesday that the hack affected the company’s credit card systems from March 24 through April 18.

Hartung said the company immediately began an investigation, working with cyber security firms.

“We believe the actions taken have stopped the unauthorized activity,” he said.

The news put a damper on an otherwise strong first-quarter earnings report for the Denver-based burrito chain.

Chipotle reported 17.8-percent same-store sales growth in the quarter ended March 31, along with improved profit margins. The numbers were unexpectedly positive and led to a spike that at one time put Chipotle’s stock price above $500 a share for the first time since February 2016.

After Chipotle revealed news of the hack, the stock price fell below $480.

Just another day at the office.

 

Leave a comment

Posted in Cyber Security, Hacking, Security

Tagged ,

‘Can You Hear Me?’ Scam Hooks Victims With a Single Word

Posted on April 7, 2017 | Leave a comment

Scams recently reported to the Better Business Bureau’s Scam Tracker.

Don’t pick up the phone to answer calls from unknown numbers. Instead, let them go to voicemail.

That’s the operational security advice being promulgated to Americans by the U.S. Federal Communications Commission in response to an ongoing series of attacks designed to trick victims into uttering a single word.

The FCC says in a March 27 alert that the scam centers on tricking victims into saying the word “yes,” which fraudsters record and later use to attempt to make fraudulent charges on a person’s utility or credit card accounts.

“The scam begins when a consumer answers a call and the person at the end of the line asks, ‘Can you hear me?’ The caller then records the consumer’s ‘Yes’ response and thus obtains a voice signature,” the FCC warns. “This signature can later be used by the scammers to pretend to be the consumer and authorize fraudulent charges via telephone.”

Fake Tech Support

This isn’t the first time that fraudsters have “weaponized” the telephone.

Scammers have long phoned consumers, pretending to be from a government agency such as the Internal Revenue Service. Another frequent ploy is pretending to be from the support department of a technology firm, such as Microsoft or Facebook, and then trying to get victims to pay for bogus security software meant to fix nonexistent problems on their PC.

Authorities have made some related arrests. Last year, Indian police arrested 70 suspects as part of an investigation into a fake IRS call center scam.

Also last year, the FTC announced a $10 million settlement with a Florida-based tech-support scheme, run by an organization called Inbound Call Experts, also known as Advanced Tech support. The FTC and the state of Florida said the organization ran “services falsely claiming to find viruses and malware on consumers’ computers.”

Researchers Study Scammers

In a recent paper, “Dial One for Scam: A Large-Scale Analysis of Technical Support Scams,” researchers at the State University of New York at Stony Brook described how the tech-support version of these scams work, as well as how they might be disrupted by targeting the infrastructure on which scammers rely.

“Scammers use specific words in the content of a scam page to convince the users that their machines are infected with a virus,” the researchers say.

The Stony Brook researchers designed a tool called ROBOVIC – for robotic victim – that found that of 5 million domains that it successfully connected to during a 36-week period beginning in September 2015, it logged 22,000 URLs as serving tech-support scams, connecting to a total of about 8,700 unique domain names.

But those 22,000 different web pages used a total of only 1,600 phone numbers, of which 90 percent were connected to one of four VoIP services: Bandwidth, RingRevenue, Twilio and WilTel.

The researchers also phoned 60 scam telephone numbers to log the social engineering tactics – aka trickery – used by scammers. The researchers found that on average, scammers waited until 17 minutes of a call elapsed before offering their services in exchange for money. Most would offer support packages that ranged from a one-time fix to multi-year support, with costs ranging from $69.99 to $999.99. Scammers would typically offer multiple options, then try to persuade victims to pick the middle-priced one, the researchers found.

Freelance attacks appear to be rare. “Through the process of interacting with 60 different scammers, we are now convinced that most, if not all, scammers are part of organized call centers,” the researchers write.

Fake Support is Lucrative

These attacks are relatively easy to launch, inexpensive to run, potentially very lucrative and show no signs of stopping.

Peter Kruse, head of the security group at Danish IT-security firm CSIS, this week warned via Twitter that multiple websites were pretending to be related to the technical support group from Czech anti-virus software developer Avast and urging individuals to call one of the listed phone numbers.

Needless to say, these numbers don’t lead to Avast, which develops free security software that’s used by many consumers. Instead, the numbers go to call centers tied to fraudsters. Avast has repeatedly warned that this a well-worn scam, with attackers often claiming to be connected to Avast, Dell, Microsoft, Symantec or other technology firms.

Advice for Victims

There’s no way to prevent criminals from running these types of scams.

But law enforcement and consumer rights groups have long urged victims to file a report, even if they didn’t suffer any financial damage as a result.

For anyone targeted by the “yes” scam, the FCC recommends immediately reporting the incident to the Better Business Bureau’s Scam Tracker and to the FCC Consumer Help Center. The FCC’s site also offers advice on tools for blocking robocalls, texts and marketing calls.

Anyone who thinks they may have been the victim of phone scammers, for example, by paying for fake tech support, can file a fraud report with their credit card company.

Authorities also recommend they report the attempt to relevant authorities, such as the FBI’s IC3 Internet Complaint Center. Law enforcement agencies use these reports as a form of crowdsourcing, helping them secure funding to battle these types of scams, as well as take them down.

 

Leave a comment

Posted in Cyber Security, Hacking, Security

Tagged , ,

House Votes in Favor of Letting ISPs Sell Your Browsing History

Posted on March 31, 2017 | Leave a comment

Your internet history and browsing habits are for sale, and the House voted Tuesday to keep it that way, rolling back rules that would have barred internet service providers from selling your data without consent.

The measure would bar the Federal Communications Commission from enforcing rules it passed last year, during President Barack Obama’s administration, that would have required broadband providers to get your explicit consent before they could sell your personal data.

Before Tuesday’s the vote, representatives who wanted to keep the rules stripped the debate down to something as mundane as buying underwear online, privately.

“I know there has got to be somebody in this body who believes [internet service providers] should not have anybody’s underwear size,” said Rep. Keith Ellison, D-Minnesota.

With strong opposition from Democrats, the measure narrowly passed in the House by a 215-205 vote. No Democrats voted for the bill, and 15 Republicans opposed it. A similar version squeaked through the Senate last Thursday on a party-line vote of 50-48.

The president’s signature is all that is needed now to roll back the rules, leaving consumer data fair game for internet service providers and, crucially, barring the FCC from issuing similar protections in the future. The White House said in a statement on Tuesday that it “strongly supports” the repeal.

After the vote, the Internet & Television Association issued a statement applauding the congressional action to repeal “the FCC’s misguided rules.”

“With a proven record of safeguarding consumer privacy, internet providers will continue to work on innovative new products that follow ‘privacy-by-design’ principles and honor the FTC’s successful consumer protection framework,” the group said in a statement. “We look forward to working with policymakers to restore consistency and balance to online privacy protections.”

CTIA, formerly the Cellular Telecommunications and Internet Association, an advocacy group for the industry, applauded the measure’s sponsors last week for “seeking a common-sense and harmonized approach to protecting Americans’ privacy.”

“Wireless carriers are committed to safeguarding consumer privacy, and we support regulatory clarity and uniformity across our digital economy,” CTIA said in a statement.

But internet privacy advocates are framing this as a battle between privacy and profits.

Kate Tummarello, a policy analyst at the San Francisco based Electronic Frontier Foundation, said the “commonsense rules” Congress voted to repeal were designed “to protect your data” and keep internet service providers from doing a “host of creepy things” without your consent.

“Of course, the ISPs that stand to make money off of violating your privacy have been lobbying Congress to repeal those rules,” she said in a statement before the vote. “Unfortunately, their anti-consumer push has been working.”

The measure has also spawned a call to action from Data Does Good, a company that wants to empower people to leverage their data to help in the fight for online privacy rights.

The premise: Give Data Does Good your Amazon shopping history, which they say they’ll automatically anonymize and pool with others before selling it to retailers.

Data Does Good will then donate $15 on your behalf to a non-profit of your choice that is fighting for privacy rights, such as the Electronic Frontier Foundation or the ACLU.

Still more to come.  Remember the NSA already has all of this information.

Leave a comment

Posted in Cyber Security, Security, Technology

Tagged ,