Password management company LastPass hacked, but it’s safe; inside the mind of a teenage ransomware creator; Iran is rampant in its cyber-attacks across the Middle East; Israeli hackers break into Foxconn and more devilish doings in the world of cyber space
It’s with some irony that LastPass, a company that offers users a tool to centrally manage passwords online with a single master password, has revealed that hackers have broken into its databases and have taken email addresses and password reminders, among other data.
The company said it had found no evidence that its encrypted user vault data was taken, or that user accounts were accessed. It’s ironic in that services such as LastPass are designed to enhance security by allowing users to store all of their passwords in a centrally managed vault which is only accessible via a master password.
It’s also something that we at BullGuard have often suggested is a good idea for password security. That said, the company is adamant that most of its users are protected. In a statement it said: “LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”
If this sounds like technical gobbledygook to you, in plain and simplified English the ‘random salt’, which is a unique protection element for each password, means that hackers find it hard to scoop up large numbers of passwords at once; they would have to try to crack one password at a time.
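The salting and iteration described in the LastPass statement can be seen in a short Python sketch. This is an added example, not LastPass code and not part of the original article; the 16-byte salt, the record layout and the unsalted SHA-256 contrast case are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # server-side PBKDF2-SHA256 rounds quoted in the statement
SALT_BYTES = 16   # assumption: the article gives no salt length


def derive(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def enroll(password: str) -> dict:
    """Build the stored record: a fresh random salt plus the derived hash."""
    salt = os.urandom(SALT_BYTES)
    return {"salt": salt, "rounds": ROUNDS, "hash": derive(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = derive(password, record["salt"], record["rounds"])
    return hmac.compare_digest(candidate, record["hash"])


def unsalted(password: str) -> dict:
    """Weak contrast case: one unsalted SHA-256, equal for equal passwords."""
    return {"hash": hashlib.sha256(password.encode("utf-8")).digest()}


def distinct_hashes(records: list) -> int:
    """Count different stored hashes; equals len(records) when salts differ."""
    return len({r["hash"] for r in records})


if __name__ == "__main__":
    # Constructed sample: three accounts that all chose the same password.
    same = "correct horse battery staple"
    plain = [unsalted(same) for _ in range(3)]
    salted = [enroll(same) for _ in range(3)]
    print("unsalted distinct hashes:", distinct_hashes(plain))
    print("salted distinct hashes:", distinct_hashes(salted))
    print("right password:", verify(same, salted[0]))
    print("wrong password:", verify("not the password", salted[0]))
```

With identical passwords the unsalted store holds a single hash shared by every account, while each salted record is different and costs its own 100,000-round computation per guess.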
However, that said, one of the features of this attack is that password reminders were stolen. So the bottom line for any user of LastPass is to change your master password.
LastPass also said: “LastPass user accounts are locked down. You can only access your account from a trusted IP address or device – otherwise, verification is requested. We are confident that you are safe on your LastPass account regardless.”
This means that LastPass will require users that log in from a different computer or device to verify their accounts via email for added security – for now at least.
14 million records gone and counting
The US Office of Personnel Management hack just keeps growing. The government department said it had discovered a hack that compromised the personnel records of 4.2 million current and former government employees.
Now a US cyber security company said it actually discovered the hack on OPM’s network in April of this year. CyTech Services had been invited into OPM to showcase a forensic software programme.
When using its endpoint (desktops, laptops, printers, etc.) vulnerability assessment tool it identified a set of unknown processes running on a limited set of devices. This was ultimately revealed to be malware.
The tool sounds similar to BullGuard’s behavioural-based detection which identifies aberrant processes, flagging them up as potential viruses.
Also OPM said the breach was much worse than it initially thought, saying that hackers might have stolen security-clearance records that millions of people must file to secure jobs in national security, law enforcement and other sensitive posts.
The number of people who might be affected has also been revised upwards to a whopping 14 million.
Anonymous US sources point the finger at China while China vigorously denies the claims and points the finger back.
Iran hacks Israel and the Middle East
And speaking of international cyber espionage, an Israeli security firm has released a report documenting alleged hacks by the Iranians on targets in the Middle East and Israel.
ClearSky cyber security firm said it has discovered an ongoing wave of cyber-attacks originating from Iran on targets including the finance minister of a Middle Eastern country, Qatar’s embassy in Britain, journalists and human rights activists.
The report authors said they assume, but do not have direct evidence, that the hacking campaign is either being supported by the Iranian regime or performed by the regime itself.
“The context of the attacks and cover stories all revolve around Iran,” the report noted. “The attackers speak and write in native Iranian Persian and make mistakes characteristic of Persian speakers. In one of the hacked accounts, when retrieved, the interface language had been changed to Persian.”
According to the report, 44 percent of these attacks targeted sites in Saudi Arabia, 14 percent sites in Israel, and 11 percent in Yemen. The targeted sites included those involved in counter-terrorism, diplomacy, international relations, and physics. Journalists and human rights activists were also targeted.
According to ClearSky, this wave of attacks, which has been going on since at least last year, is “the toughest one they have encountered in terms of duration and persistence.”
Israel hacks Foxconn
But these things cut both ways. Suspected Israeli computer spies who hacked hotels hosting diplomatic talks on Iran’s nuclear program appear to have also broken into computers at electronics giant Foxconn.
A report has been released on a new piece of digital spyware which is extremely similar to another one U.S. intelligence agencies associate with their Israeli counterparts.
It has been dubbed Duqu 2.0. The original Duqu was known as the son of Stuxnet, a sophisticated virus targeting Siemens machinery in Iran’s Natanz nuclear plant, and widely believed to have been created by the Israelis and the US.
Apparently the malware poses as certified software from Foxconn, which among other things makes iPhones. Because computers are programmed to trust such certificates, they can act as a free pass onto computers. Hackers often try to steal them to better ensure they can get past a computer’s.
The belief is that the hackers hacked the hardware manufacturers in order to get these certificates and will use them to access other computers.
Inside the mind of a teenage ransomware creator
Meanwhile Business Insider, Australia tracked down a teenage hacker who has crafted code designed to hold computers to ransom and who is selling it on the deep web for $5,000. It’s a brief but insightful interview if you’ve ever wondered what teenage hackers are thinking.
Duplicitous dealings by intelligence agencies – never
Over the weekend there was also a raft of stories about how Edward Snowden’s unveiling of NSA hacking and the extent of it has actually led to spies from the UK being pulled out of certain countries to avoid being killed.
The story was broken by the Sunday Times and unfortunately just relies on anonymous sources. Interestingly, it followed a judgement a few days earlier in which the extent of the NSA’s snooping was deemed unlawful and unnecessary.
It’s easy to see how the two are connected and it’s an unspoken given that the press are often manipulated by intelligence agencies. Though, that said, this attempt, if it is one, does appear ill thought out and clunky.
Here’s what one publication thinks about the Sunday Times story – and it’s not a lone voice.
Fear of hacking on the rise
A Rand Corporation study reveals that fear of hacking is heading skywards. The authors said prior research shows worldwide spending on cybersecurity is approaching $70 billion per year and growing at 10 to 15 percent annually.
A recent epidemic of cyberattacks has led to greater investment and spending on security, but fears are rising that hackers are gaining the upper hand. Based on a survey of company chief information officers, it is clear that cyber-security is now a priority for many organizations. But that said, the report adds: “it would be an understatement to say organizations are dissatisfied with their security.”
At one level this is good news but at another this dynamic between attack and defence has been a consistent feature since hacking went mainstream over 15 years ago. It’s just that the scale of the attacks and the damage that they can do get bigger and deeper, while greater efforts must be consistently applied to fend off the attacks.