Tag: cybercrime

  • U.S. Postal Service Targeted In Cyber Attack; Customer, Employee Data Breached

    Benjamin Franklin, first Postmaster General. Source: screen shot from USPS illustrated booklet, "The United States Postal Service: An American History, 1775-2006."

    There have been cyber attacks on banks, retail outlets, U.S. government sites and sites operated by U.S. government contractors.

    And now the FBI is investigating an attack on the U.S. Postal Service.

    In some ways, the attack might be viewed by Americans as the most personally violative to date. Virtually the whole of America — from the largest of cities to the smallest of towns — has contact with USPS six days a week. In 1775, U.S. founding father Benjamin Franklin was appointed by the Continental Congress as the first postmaster general of the fledgling democracy. The famous “Pony Express” would not begin for another 85 years.

    Early reports have described the attack as massive, one that has affected 2.9 million USPS customers and hundreds of thousands of USPS employees.

    From a statement by USPS (italics added):

    The Postal Service has recently learned of a cyber security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.

    Information potentially compromised in the incident may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information.

    Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised.

    The intrusion also compromised call center data for customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1, 2014, and Aug. 16, 2014. This compromised data consists of names, addresses, telephone numbers, email addresses and other information for those customers who may have provided this information. At this time, we do not believe that potentially affected customers need to take any action as a result of this incident.

    The privacy and security of data entrusted to us is of the utmost importance. We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line. We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption.

    We began communicating this morning with our employees about this incident, apologized to them for it, and have let them know that we will be providing them with credit monitoring services for one year at no charge to them. Employees also have the personalized assistance available to them provided by the Human Resources Shared Services Center. We are committed to helping our employees deal with this situation.

     

  • ‘Growing Sophistication And Frequency Of Cyberattacks Is A Cause For Concern,’ U.S. Comptroller Of Currency Says

    “The denial of service attacks that began in 2012 and continue today drew the attention of our largest financial institutions. While they have been only minimally disruptive so far, we know that these types of attacks are just one of the many cyber threats that our financial system faces. The growing sophistication and frequency of cyberattacks is a cause for concern, not only because of the potential for disruption, but also because of the potential for destruction of the systems and information that support our banks. These risks, if unchecked, could threaten the reputation of our financial institutions as well as public confidence in the system. The financial services industry isn’t alone in facing the threat of cyberattacks. Almost every business sector, from newspapers to power utilities, faces similar threats. But the financial services industry is one of the more attractive targets for cyberattacks, and, unfortunately, the threat is growing, for several reasons.”

    Thomas J. Curry, U.S. Comptroller of the Currency, Sept. 18, 2013

    Thomas J. Curry

    At a speech in Washington today before the Exchequer Club, U.S. Comptroller of the Currency Thomas J. Curry said cyberattacks have the potential to disrupt operations at banks large and small and that the “threat is growing.”

    Among the problems is that the costs of carrying out such attacks are going down, while the “resources needed to identify, monitor, and mitigate against vulnerabilities and potential attacks are increasing,” Curry said.

    “First, hackers have easy access to the necessary tools and infrastructure,” Curry said. “The global nature of the Internet means they can conduct their activity from almost anywhere, including in countries with regimes that, at worst, sponsor attacks and, at a minimum, act as criminal havens by turning a blind eye toward criminal behavior.”

    Speaking to the whack-a-mole nature of the Internet, Curry said criminals are apt to switch their focus from larger to smaller institutions as the larger institutions bolster their security.

    “As our largest institutions improve their defenses, it is very likely that hackers will turn their attention to community banks,” he said. “These smaller institutions can provide a point of access into the system, and they may have less sophisticated defenses than large banks. For the most part, they depend upon third-party providers for their IT services, including security. That’s understandable, but they still have to be able to assure themselves that these service providers have adequate controls and solid processes in place to protect them and their customers. This can be particularly problematic for community banks and thrifts that may not have the resources or specialized expertise needed to identify and mitigate these vulnerabilities.

    “So, we’re devoting more resources to cybersecurity — at all of our institutions, but especially at community banks and thrifts,” he said.

    Read Curry’s remarks as prepared for delivery today.

    Also see Oct. 25, 2012, PP Blog story on cybersecurity remarks by Lisa Monaco, then Assistant Attorney General for National Security. Monaco is now President Obama’s chief counterterrorism adviser.

    In 2011, U.S. Attorney General Eric Holder said a “staggering volume” of money was being stolen online.

  • ATTORNEY GENERAL: ‘Staggering Volume Of Money Being Stolen Online . . . Has The Potential To Threaten . . . Security Of Our Nation . . . [And . . .] Integrity Of Our Government’

    U.S. Attorney General Eric Holder

    NOTE TO READERS: The headline of this news brief is excerpted from remarks made in Indiana today by U.S. Attorney General Eric Holder.

    Read Holder’s full remarks here.

    The attorney general was speaking at a summit on cybersecurity. His remarks may be the clearest sign yet that the United States is dialing up its efforts to fight online crime because of the threat it poses to national security and economic well-being.

    “In recent years, we’ve seen clear, and alarming, advances in the sophistication and commercialization of crimes involving electronic networks,” Holder said. “And the staggering volume of money being stolen online today has the potential to threaten not only the security of our nation — but the integrity of our government, the stability of our economy, and the safety of our people.”

    The United States faces threats from criminal syndicates, terrorist organizations, foreign-intelligence groups, malicious intruders and others, Holder said.

  • URGENT >> BULLETIN >> MOVING: Prosecutors, FBI, U.S. Marshals Move Against ‘Coreflood’ Botnet; Seize 29 Domains, Execute Search And Seizure Warrants Amid Allegations Of Theft, Wire Fraud; Defense Contractor Allegedly Targeted By International Criminal Network

    BULLETIN: A federal judge in Connecticut has authorized the seizure of 29 domain names tied to the alleged “Coreflood” botnet and malware network and ordered registrars and DNS providers to neutralize what prosecutors have described as a threat to U.S. national and economic security.

    The judge ordered the network architecture to be nulled after reviewing allegations that large sums of money had gone missing from corporate bank accounts in at least four states. One of the targets of the cybercriminals was a U.S. defense contractor, according to the complaint.

    In an extraordinary move, the judge ordered the U.S. Marshals Service to set up two “substitute server[s]” to intercept traffic and cripple the botnet’s ability to communicate with infected computers. The FBI was ordered to assist the marshals, if needed.

    Coreflood is believed to have infected more than 2.3 million computers by installing keylogging software that opened doorways for criminals to steal passwords and remove money from bank accounts. Among the victims cited in court filings were the Tennessee-based defense contractor, a real-estate firm in Michigan, a law firm in South Carolina and an investment company in North Carolina.

    In the case of the defense contractor, prosecutors said, the botnet was responsible for “fraudulent wire transfers” that attempted to siphon $934,528 and successfully stole $241,866. The real-estate firm was hit for $115,771 in fraudulent wire transfers. Meanwhile, the law firm was hit for $78,421, and the investment firm was hit for $151,201.

    “The full extent of the financial loss caused by the Coreflood Botnet is not known, due in part to the large number of infected computers and the quantity of stolen data,” prosecutors said.

    Thirteen “John Doe” defendants have been charged civilly, and criminal seizure warrants and search warrants have been executed, prosecutors said. The defendants are believed to be located “outside the United States,” according to court filings.

    “Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation’s information infrastructure,” said Shawn Henry, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch.