Tag Archive for: hack

White House forms public-private task force to tackle Microsoft hack

/in


A task force composed of representatives from federal agencies and the private sector convened last week to discuss a “whole of government” response to the Microsoft Exchange hack, White House Press Secretary Jen Psaki said in a statement today.

The Unified Coordination Group established by the National Security Council included officials from the FBI, the Cybersecurity and Infrastructure Security Agency at DHS, the Office of the Director of National Intelligence and the NSA, as well as unnamed private sector companies “based on their specific insights to this incident.”

That includes Microsoft, who the White House said developed its one-click mitigation tool for the vulnerabilities to help small businesses who may otherwise struggle to afford costly incident response services. Microsoft did not immediately respond to a request for comment.

The task force “discussed the remaining number of unpatched systems, malicious exploitation, and ways to partner together on incident response, including the methodology partners could use for tracking the incident, going forward,” Psaki said.

Still struggling to wrap its arms around the SolarWinds hack last year, which compromised at least nine federal agencies and a swath of state governments and private companies, the Biden administration appears to be creating a similar policy track to respond to the Microsoft Exchange vulnerabilities, which some information security experts have worried could be as bad or worse in terms of its impact on the IT security ecosystem.

Evidence of widespread scanning for servers vulnerable to the four zero-day flaws disclosed by Microsoft earlier this month prompted CISA and the FBI to issue a joint public advisory warning that “tens of thousands of systems in the United States” could be affected and that both nation-state hacking groups and cyber criminals “are likely among those exploiting these vulnerabilities.” Other cybersecurity researchers have worried about the potential for ransomware actors to also leverage the vulnerabilities.

“It is highly likely that malicious cyber actors will continue to use the aforementioned exploits to target and…

Source…

Federal Response Group to Microsoft Hack Features Private Sector Firms – MeriTalk

/in


The White House said today the Federal government’s Unified Coordination Group (UCG) of intelligence and law enforcement agencies responding to the Microsoft Exchange hack now includes private sector firms.

The inclusion of private sector firms in the Federal response effort was first disclosed late last week by a senior Biden administration official who provided updates to the government’s response to the Microsoft Exchange and SolarWinds Orion hacking incidents.

White House Press Secretary Jen Psaki said today the National Security Council (NSC) last week established a UCG task force to drive the government’s response to the Microsoft Exchange incident – that group includes the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and support from the National Security Agency (NSA).

She said today the UCG task force also includes “for the first time” private sector members, although she did not name them.

“We invited the private sector partners based on their specific insights to this incident, an approach the NSC will take going forward as appropriate,” Psaki said. “The UCG discussed the remaining number of unpatched systems, malicious exploitation, and ways to partner together on incident response, including the methodology partners, could use for tracking the incident, going forward.” She added that Microsoft released a “one-click” mitigation tool for small businesses to respond to the hacking incident.

Last week, the senior Biden administration official said, “We want to ensure we are taking every opportunity to include key private sector participants early and directly in our remediation efforts.”

In a separate statement today, Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technology, said the administration is “committed to working with the private sector to build back better – including to modernize our cyber defenses and enhance the nation’s ability to respond rapidly to significant cybersecurity incidents.”

The senior administration official said last week that the cyber response model going forward will include more…

Source…

The Future of Internet Security and Privacy with Tony Aquila

/in



18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter ‘Bitcoin Scam’ Hack

/in


Twitter Bitcoin Scam

A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence.

Graham Ivan Clark, 18, will also serve an additional three years on probation.

The development comes after the U.S. Department of Justice (DoJ) charged Mason Sheppard (aka Chaewon), Nima Fazeli (aka Rolex), and Clark (then a juvenile) with conspiracy to commit wire fraud and money laundering.

Specifically, 30 felony charges were filed against Clark, including one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of access to computer or electronic device without authority.

On July 15, 2020, Twitter suffered one of the biggest security lapses in its history after the attackers managed to hijack nearly 130 high-profile Twitter accounts pertaining to politicians, celebrities, and musicians, including that of Barack Obama, Kanye West, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Uber, and Apple.

The broadly targeted hack posted similarly worded messages urging millions of followers of each profile to send money to a specific bitcoin wallet address in return for larger payback. The scheme netted about $117,000 in bitcoin before it was shut down.

Twitter Bitcoin Scam

Subsequent investigation into the incident revealed that Clark and the other attackers seized the accounts after stealing Twitter employees’ credentials through a successful phone spear-phishing attack, subsequently using them to gain access to the company’s internal network and account support tools, change user account settings, and take over control.

“By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts – Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7,” the company said on July 31.

Additionally, the three individuals attempted to monetize this entrenched access by selling the hijacked…

Source…