Category Archives: in the news

Pictures Causing Your Identity To Be Stolen

A recent thing in news, is how taking pictures with either your hands up or having the peace sign up and your finger prints facing the camera can be a dangerous thing if you post them. Most people are out having fun with their friends and are taking a fun, simple photos but with the way the world is now you have to think twice before taking the picture or posting it.

If the lighting and focus is just right then the they hackers can easily recreate your finger prints as long as it 10 feet from the person. It is hard to believe that we have reached the point where we have to be worried about our finger prints being taken from a photo that is being posted. But as time keeps going on, we need to be aware of these things and we need to be aware that these problems do exist and we all need to second guess before taking and posting pictures.

 

Russian Hacking Panel

The University of Pittsburgh will be hosting a panel on Russian Hacking on Thursday, February 2nd, from 1:30pm to 4:30pm. At this event, several panelists will discuss a variety of topics, including: Russian activities in cyberspace, U.S. and Russian views on cyber tool usage, U.S. response to Russian activities, and Russia’s possible effect on the U.S. presidential election.

There will four panelists at this event:

  • Andrei Soldatov, a Russian investigative journalist and security services expert
  • Ellen Nakashima, a national security reporter for The Washington Post
  • Luke Dembosky, a former Deputy District Attorney General for National Security and former U.S. Department of Justice representative at the U.S. Embassy in Moscow
  • Keith Mularski, a Supervisory Special Agent for the FBI in Pittsburgh

The event will be streamed live at law.pitt.edu/cybertalk. Students can only attend the event at the University of Pittsburgh if they have already registered for it. Registration for the event closed yesterday, January 30th. However, everyone is welcome to watch the event live through the link above.

For more information, there is a flyer posted below.

Russian Hacking Panel Flyer

Alert: Employment Scams Targeting College Students

The Internet Crime Complaint Center (IC3) has issued an alert on employment scams that target college students.  The scam involves phony job opportunities that may be advertised via college employment websites or sent via email (targeting bank accounts).  For additional information and examples of phony emails, please see here.

Don’t fall for this ‘highly effective’ Gmail scam

For several months, a phishing scam has been tricking Gmail users into sharing their passwords. Recently, the security company WordFence released an alert about this scam.

The attack starts when the attacker sends an email to the victim’s Gmail account. The email address of the “sender” usually belongs to someone that the victim knows; however, the sender’s account has already been compromised by the attacker. The email contains what appears to be an image for the victim to click on.

When the victim clicks on the “image”, they are taken to a new tab which prompts for their Gmail account information. Once the victim signs in on this page, their account is compromised. The attacker then has access to the victim’s emails and personal documents. Once the attacker has access to the victim’s account, they will use this account to send the scam to more victims.

What makes this scam “highly effective” is that it is uses email addresses of people that the victim knows. Also, the fake Gmail sign-in page appears to be legitimate, containing the Google logo and normal entry fields for username and password.

In order to prevent yourself from becoming a victim of this scam, it is important to note the following:

  • Although the false attachment contains “accounts.google.com” in its URL, it also has “data:text/htm” at the beginning, which is not found on a normal Gmail URL.
  • When signing into any service, you should check the browser bar to verify the protocol and hostname. The URL should begin with “https:” and there should be a green lock icon next to the URL.
  • Gmail users can also enable two-factor authentication or “2-step verification” to make their account more secure.

For more information: Don’t fall for this ‘highly effective’ Gmail scam and WordFence Article

Beware, iPhone Users: Fake Retail Apps Are Surging Before Holidays

In the past few weeks, there have been hundreds of fake retail and product applications in Apple’s App Store. The fake apps have pretended to be companies such as Dollar Tree, Foot Locker, Nordstrom, and Dillard’s. A company that tracks new shopping apps, Branding Brand, reported a large increase in these fake applications in the past few weeks.

The apps are being created to trick Black Friday shoppers into clicking them. Some apps seem to be harmless, just displaying pop-up ads whenever users click on them. Others, however, are dangerous because users can have their credit card information stolen if the app asks them to input it. Also, some of the apps can contain malware that can steal personal information and even lock the victim’s phone.

The fake apps came from developers in China; they were somehow able to get past Apple’s review process for new apps. Apple’s app screening process is less strict than Android’s; Apple focuses more on blocking malicious software and does not routinely examine the thousands of new apps that are sent to them everyday. It is important for brands and companies themselves to search for and report these fake apps, similar to how they search for and report fake websites. Last week, however, Apple did remove hundreds of fake apps after an article was published about the apps. A spokesperson for Apple claims that they have set up ways for customers to report fake apps. In September, Apple started to look through their two million apps to remove fake and unnecessary ones. Despite this, new fake apps continue to appear.

A recent example of a fake app was one called Overstock Inc. – apparently named to let customers believe that it was the real company app for Overstock.com. The developer of the app is the Chinese company Cloaker Apps. The CEO of Cloaker, Jack Lin, claims that the company only provides the back-end technology for the apps; they do not investigate their clients. However, not even Cloaker is what it seems; the company’s website states that its headquarters is in the middle of Facebook’s campus in Menlo Park, California. When Jack Lin was first interviewed, he claimed that the company only had offices in China and Japan. When asked about the office in California, he claimed to have “tens of employees” there.

China is, by far, the biggest source of fake applications. Many of the fake apps have red flags to show that they are not real, including: nonsensical menus in broken English, no reviews, and no history of previous versions of the app. So far, thousands of individuals have apparently fallen prey to the newest fake apps. However, in most cases, no serious problems have occurred. The fake apps usually target companies either with no apps or multiple apps. Some have even used Apple’s paid search ads to put their fake apps at the top of the search results.

Fake apps on Apple are a new problem, occurring more commonly in the past few months. However, with Black Friday soon approaching, it is important to remember to check the applications that you are planning to download. Also, if possible, try to use alternative methods to applications that ask for banking or personal information. For example, try to use the company’s website on your laptop or computer; also, remember to check the security on the website itself. Criminals are obviously going to take advantage of whatever situation becomes available to them. Therefore, you should always be careful of what you click or download on your phone or computer.

Article Link: Beware, iPhone Users

Inspiring Improvement in the Field of Automotive Cybersecurity

A few weeks ago, I submitted a post about cybersecurity in the automotive industry, specifically about Volkswagen’s foray into invested into cybersecurity for automotive computers. Earlier today, the U.S. National Highway Traffic Safety Administration (NHTSA) suggested that automakers should “make shielding the electronic and computer systems of vehicles from hackers a priority, developing layers of protection that can secure a vehicle throughout its life.” These are not enforceable rules, but strong suggestions from one of the government institutions that are partially responsible for the creation of future regulations that will more strictly govern the automotive industry as a whole.

The NHTSA poses many potential security upgrades in their proposal, entitled “Cybersecurity Best Practices for Modern Vehicle.” Some of these suggestions are moves that manufacturers, like Volkswagen, are already putting into place. Most of the proposals made in the proposal are becoming standard operating procedure for automotive companies, while other suggestions are less likely to be taken into consideration. One proposal in question relates to the disclosure of proprietary information about critical components of electrical and data systems within vehicles. Jonathan Allen, acting executive director of the Automotive Information Sharing and Analysis Center, explained in an interview that this section of the industry is incredibly competitive and that companies will probably avoid disclosing this information until they are required to.

As I mentioned in my last post, the threat of automotive hacking, while still extremely small, is becoming an increasing threat. As companies begin to offer significant vehicle upgrades through wireless data links, much the same as Tesla has been over the past few years, the need for secure connections will continue to grow. Massachusetts Senator Ed Markey agrees with this sentiment and stated in an interview today that “if modern day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger.” I couldn’t agree more with this sentiment. As technology continues to impact our lives in increasingly different ways, the need for knowledgeable cyber security experts will continue to grow.

Australian Meteorology Bureau Breach

“You’re only as strong as your weakest link.” For the Australian government, this phrase is extremely relevant today. The Australian Cyber Security Center confirmed yesterday that a 2015 attack on servers at Australia’s Bureau of Meteorology was initiated by a foreign intelligence service. You may be thinking, “What could hackers want with weather data?” The answer is nothing. By hacking into the weakest part of the Australian government’s network, the hackers were able to work their way throughout the system by breaching the poorly protected meteorology division.

Various reports have stated that China is behind the attacks but the Australian government states that it will not be naming a source. The Australian Cyber Security Center (ACSC) noted that the security controls in place “were insufficient to protect the network from more common threats associated with cybercrime.” They also estimate that every password on the Meteorology Bureau’s network was already compromised by the time that the investigation into the matter began.

Technology has allowed governments around the world to better store data and control their resources; unfortunately, as an entity’s cyber footprint increases, so does the type and number of potential risks that threaten them. It is vital that modern-day governments around the world put in place the countermeasures to protect their systems and data.