The Home Depot investigating possible massive data breach: Adds Security Pressure
Mikahel Love, IIO
Summary: Reports are out that a new batch of stolen credit and debit cards hit the cybercrime underground on Tuesday, with multiple banks confirming that The Home Depot stores may be the source.
Home Depot Inc. (HD)’s
investigation of a suspected hacker attack is renewing pressure on
retailers and credit-card providers to strengthen payment-system
security. Home Depot spokesperson Paula Drake confirmed that the company is investigating. “I can confirm we are looking into some unusual activity and we are
working with our banking partners and law enforcement to investigate,”
Drake said, reading from a prepared statement. “Protecting our
customers’ information is something we take extremely seriously, and we
are aggressively gathering facts at this point while working to protect
customers. If we confirm that a breach has occurred, we will make sure
customers are notified immediately. Right now, for security reasons, it
would be inappropriate for us to speculate further – but we will provide
further information as soon as possible.”
The largest home-improvement chain said yesterday, 02 Sept. 2014, that it was working with banks and law enforcement
on the possible incursion, following a report by KrebsOnSecurity that a
“massive” batch of stolen credit- and debit-card information was posted
for sale online.
There are signs that the perpetrators of this apparent breach may be
the same group of Russian and Ukrainian hackers responsible for the data
breaches at Target, Sally Beauty and P.F. Chang’s, among others. The banks contacted by Brian Krebs, reporter for KrebsOnSecurity.com, all purchased their customers’ cards from the same underground store – rescator[dot]cc — which on Sept. 2 moved two massive new batches of stolen cards onto the market.
The number of customers affected by The Home Depot breaches amounts to more than one-third of the American population.
A recent Kaspersky Lab research examination of two command and control servers used by the Backoff point-of-sale malware revealed that a U.S.-based Mexican restaurant chain, a North American freight shipping company and a North American payroll association had also been breached.
The breaches prompted a warning by the U.S. Secret Service last week warning of a spree of point-of-sale attacks affecting more than 1,000 businesses. Backoff has experts concerned because it’s effective in swiping customer credit card data from businesses using a variety of exfiltration tools, including memory, or RAM scraping, techniques, keyloggers and injections into running processes.
A report from US-CERT said attackers use Backoff to steal payment card information once they’ve breached a remote desktop or administration application, one that’s using weak or default credentials that tumble in a brute-force attack.
Hackers then install Backoff on a point of sale device, injecting the code into a running process in order to scrape credit card numbers from memory before they’re encrypted on the device.
A number of banks are telling Krebs that the breach dates as far back as
April and that all 2,200 Home Depot locations in the U.S. could be
involved. By comparison, there are 1,795 Target locations in the U.S.. That could make a Home Depot breach even bigger
than that of Target, which began in November and was reported in December.
In
that breach, Target said hackers had stolen credit or debit card
information from about 40 million customers. The company also said
criminals had stolen other pieces of personal information, like email
and mailing addresses, from about 70 million people.
The number of customers affected by The Home Depot breaches amounts to more than one-third of the American population.
A recent Kaspersky Lab research examination of two command and control servers used by the Backoff point-of-sale malware revealed that a U.S.-based Mexican restaurant chain, a North American freight shipping company and a North American payroll association had also been breached.
The breaches prompted a warning by the U.S. Secret Service last week warning of a spree of point-of-sale attacks affecting more than 1,000 businesses. Backoff has experts concerned because it’s effective in swiping customer credit card data from businesses using a variety of exfiltration tools, including memory, or RAM scraping, techniques, keyloggers and injections into running processes.
A report from US-CERT said attackers use Backoff to steal payment card information once they’ve breached a remote desktop or administration application, one that’s using weak or default credentials that tumble in a brute-force attack.
Hackers then install Backoff on a point of sale device, injecting the code into a running process in order to scrape credit card numbers from memory before they’re encrypted on the device.
“The criminals are getting smarter faster than the companies,” said Jaime Katz, an analyst at Morningstar Inc. in Chicago. If the Home Depot breach is on the same scale as Target (TGT)’s incident last year, “there is obviously significant concern,” she said.
Most recently, a group is said to have stolen more than 1.2 billion Internet credentials — including usernames and passwords — with more than 500 million email addresses. In that case, however, most of the IDs exploited were used for sending spam on social networks, rather than illegal spending and selling on the black market.
The Home Depot also posted a note to shoppers on its website, urging them to monitor their accounts and report any suspicious activity.
Most recently, a group is said to have stolen more than 1.2 billion Internet credentials — including usernames and passwords — with more than 500 million email addresses. In that case, however, most of the IDs exploited were used for sending spam on social networks, rather than illegal spending and selling on the black market.
The Home Depot also posted a note to shoppers on its website, urging them to monitor their accounts and report any suspicious activity.
Home Depot shares
fell 2 percent to $91.15 on 02 Sept. 2014, marking the largest one-day decline
in almost five months, after the company said it was looking into the
possible breach. It also prompted credit-card companies such as
Citigroup Inc. to step up efforts to protect customers.
In a separate statement Tuesday, 02.09.14, Goodwill said its customers' credit and
debit card numbers had been stolen at more than 300 stores in 19 states
and Washington, D.C. rom February 2013 through Aug. 14. Goodwill blamed
the security lapse on an unidentified contractor's payment processing
system. Reports about fraud linked to shoppers' cards have been "very
limited," Goodwill said.
The company had said in July that it was investigating the breach.
List of affected Goodwill stores: www.goodwill.org/payment-card-notice
 |
| ( click image to enlarge ) |
 |
| ( click image to enlarge ) |
 |
| ( click image to enlarge ) |
More Home Depot BREACHES:
Theft of Home Depot laptop Puts 10,000 at Risk
Several weeks ago, a Home Depot human-resources representative in Massachusetts took a laptop computer home to do some additional work and had the PC stolen from his vehicle parked in front of his house, according to a company official. The notebook stored personal information, including names, addresses and Social Security numbers of roughly 10,000 employees, she says. The data was not encrypted, but the system was password protected, she adds.
Once Home Depot investigated the theft and determined which employees' data was stored on the notebook, the company notified potential victims and is offering one year of credit monitoring for free, the official says.
"We have no reason to believe the data was the target of this theft," says the official, adding that the company has received no evidence of identity theft as a result of the incident.
Home Depot is continuing to work with law enforcement on an investigation into the theft.
RELATED:
Via:
Hackers stole security check info on at least 25,000 DHS employees
Homeland Security tallies damage from breach at USIS, and it's not pretty.
by Sean Gallagher
- Aug 30, 2014 3:41 pm UTC
 |
| Employees at the Department of Homeland Security may be feeling a bit less secure about their personal data. |
On Aug. 2, Department of Homeland Security officials revealed that
the agency's contractor for conducting security clearance background
checks had been hacked, and an unknown number of DHS employees' personal
data from those investigations had been stolen—potentially by a
state-sponsored hacker. Now the DHS has a handle on how many records
were stolen from contractor USIS: at least 25,000.
The Associated Press cites
information from an unnamed DHS official, who spoke with the service
under the condition of anonymity. "Homeland Security will soon begin
notifying employees whose files were compromised and urge them to
monitor their financial accounts," the Associated Press' Joce Sterman
reported.
USIS is, as the Washington Post reported, the largest contract
provider of background investigations to the federal government. The
attack on USIS comes after the March revelation that the US Office of
Personnel Management had been attacked by hackers based in China,
potentially giving them access to the personal information of millions
of government employees—though OPM offficials say that no personal data
appeared to have been taken in the attack before it was detected.
The US Computer Emergency Response Team (US-CERT), which is part of
DHS, is currently investigating the USIS breach, as are the FBI and
other federal authorities. USIS was already under fire from Congress,
and faces a federal whistleblower lawsuit over the alleged "dumping" of
more than 600,000 background checks for security clearances—marking as
complete checks that were only partially conducted. USIS was responsible
for the background checks for Edward Snowden, and for Aron Alexis—the man responsible for the shootings at the Navy Yard in Washington, DC last year.
Continued Via
Security breach hit 25,000 federal workers
 |
| The estimate of Homeland Security workers affected by the breach at USIS may rise further. (WJLA) |
WASHINGTON (AP) - A Homeland Security Department official says a recent
computer breach at a major government security clearance contracting
firm may have affected the internal files of as many as 25,000 of the
agency's workers.
The official says the estimate of Homeland Security
workers affected by the breach at USIS may rise further. The official
spoke on condition of anonymity in order to discuss details of an
incident that is under active federal criminal investigation. Homeland
Security will soon begin notifying employees whose files were
compromised and urge them to monitor their financial accounts, the
official said.
A USIS spokeswoman declined to comment. The company said earlier in a
statement on its website that the cyberattack appeared to "have the
markings of a state-sponsored attack."
The FBI is investigating.
And Via:
Security Affairs
The network of USIS compromised by a cyber attack
Internal network of USIS was compromised by a cyber attack which has exposed Government Employees’ Data. Investigators speculate on a state-sponsored attack
The USIS (U.S. Investigations Services), which provides background checks for the US government was recently hacked. This is the second data breach
in a few months that threaten US government. The USIS recently
acknowledged that its network was violated by a cyber attack and experts
that are investigating on the case believe that the authors of the
attack could be a state-sponsored hacking team.
“We are working closely with federal law enforcement authorities and have retailed an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network,” “Experts who have reviewed the facts gathered to date believe it has all the markings of a state-sponsored attack.” announced the USIS in a statement.
Early July, alleged Chinese hackers hacked the system of the Office of Personnel Management(OPM),
for this reason the USIS is collaborating with the Bureau and
the Department of Homeland Security (DHS) to track the authors of the
attack and to estimate exactly the compromised data and the impact of
the data breach.
Government offices and subcontractors
are privileged targets for cyber criminals and state-sponsored hackers,
last years according to official documents of The U.S. Department of
Energy in different breaches employees’ and contractors’ personal
information was exposed.
The DHS spokesman Peter Boogaard reported to The Hill that groups of hackers are targeting some agency which maintains employees’ information, for this reason the DHS is suggesting to the employees to monitor their financial accounts for suspicious activity and is alerting them on possible spear phishing attacks that could be arranged in the next months to steal further data from Government Offices.
According Boogaard data belonging to some DHS personnel may have been exposed, but at the time I‘m writing there is no news on the number of employee records exposed.
“Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce” “We are committed to ensuring our employees’ privacy and are taking steps to protect it.” Peter Boogaard said.
The journalists at The Washington Post exclude a linked between the cyber attack on USIS and the data breach suffered in March 2014 by OPM.
“The intrusion is not believed to be related to a March incident in which the OPM’s databases were hacked, said officials, some of whom spoke on the condition of anonymity because they were not authorized to speak on the record.” states the Washington Post
It’s clear that such attacks represent a serious threat for the US Government, stolen information could be used by bad actors to organize dangerous attacks to critical infrastructure of the country.
Sen. Tom Carper, chairman of the Homeland Security and Governmental Affairs Committee, declared in a statement that this kind of incidents demonstrates the importance of cyber security in Homeland security.
“This latest report of a cyber attack on the major government contractor USIS is deeply troubling and underscores the scary reality of how much of a target our sensitive information has become in cyberspace,” “It also shows how urgent it is that we reform our laws to better combat attacks from malicious actors.” he said.The USIS breach “is very troubling news,” “Americans’ personal information should always be secure, particularly when our national security is involved. An incident like this is simply unacceptable.” added said Sen. Jon Tester (D-Mont.), a Homeland Security Committee member.
It is necessary to improve security of high
sensitive networks and maximize the information sharing between private
companies and government entities to promptly identify cyber threats
and adopt the necessary mitigation strategy.
And Via
China's Hack of 4.5 Million U.S. Medical Records? This Chart Will Make You Sick
Aug 21, 2014 7:26 PM ET
 |
| Divya Shroff, associate chief of staff at the Veterans Administration Hospital, left, shows medical students the facility's electronic medical records system in Washington, D.C. - Photographer: Joshua Roberts/Bloomberg |
The Chinese hacking group that stole 4.5 million patient records
from a Tennessee hospital chain may have gained some bragging rights
from the heist, but they haven't come close to entering the ranks of the
biggest breaches of all time. In fact, they haven't even cracked the
top 10.
The attack
has gained notoriety for its methods, rather than its size — the
hacking group has been prolific in attacking U.S. medical-device
companies and drug makers. The chart below shows how the Chinese breach compares with others.
\
The
ranking provides little solace if you're one of the people whose
personal information was stolen and used for identity theft. Yet, with
security-software maker Symantec calling this the era of the "mega-breach"
and some attacks hitting the nine digits, it's worth remembering that
hackers have many, many other ways to obtain personal information.
MORE:
Who will be the NEXT Target? Those of Poverty?
Mikahel Love, IIO
 |
| Inside a warehouse of a thriving non-profit business that uses the poor for business |
It seems that businesses such as Home Depot, Target, Albertson's, Target, Michaels, Neiman Marcus, Sally Beauty, P.F. Chang’s China Bistro
and SuperValu, as well as, some preferred banks appear to the targets,
there resides a mountain of personal data including Social Security
numbers, bank account info and even drivers license details held in
insecure and vulnerable so-called non-profits: Food Banks and Food
Pantries.
These
so-called non-profit businesses have been collecting personal details
for some time now. With investigating into how secure those of poverty
details are, we found that security seemed to be brushed off and/or at
most, bare security features were being used.
Although,
one wouldn't think that a person who must go to a Food Bank and/or Food
Pantry for what to eat would have huge amounts of money and/or assets
on hand to steal, there are a multitude of other reasons why identity
theft takes place: elections; travel; committing a crime to implicate
another ...
It appears there exist hardly any security safe-guards in place to protect identity theft of those who MUST surrender personal details to eat: The abused and/or those of poverty in the U.S..
Not
one food pantry expressed any law in place that commanded them to make
clients surrender their personal details as they would when applying for
a loan, government assistance, etc.
Could it be that Food Pantries and Food Banks are a cloaked arm of government?
 |
| DO NOT rely upon governments and/or others to safe-guard your personal details. YOU must be vigilant. |
More:
500
Mikhael Love, IIO
While it's not entirely sure how the recent theft of several celebrities’ private photos was carried out, the leading theory places the blame on a vulnerability in iCloud, Apple’s Internet storage system.
Specifically, one such theory
goes, the hacker (or hackers) was able to nail down the iCloud passwords
of the celeb victims and root around in their Apple storage lockers
after gaining access. The responsible party may have used a tool called iBrute, according to The Daily Dot,
which exploited a (since-fixed) iCloud bug that allowed a forced
digital entry by guessing several common passwords until the correct one
unlocked the front door.
It hasn’t been confirmed that iBrute was used; the tool’s creator sees no evidence that it was, but concedes that it’s possible.
iBrute used 500 of the most common passwords that were leaked from a
service called RockYou, which leaked out 32 million usernames and
passwords way back in 2009; the tool’s creators posted those passwords
in a long list on the developer site GitHub.
Listed below are 500 common
passwords below. The passwords that iBrute worked with included one
capital letter and one number, so old standbys like “password” and
“iloveyou” do not appear here.
Even though these passwords are
from 2009, the Great Celebrity Hack of 2014 serves as another reminder
that if you use any of the following 500 passwords on any service, it’s
way past time for a change.
Oh yes, and while you’re at it, you should make sure that you have two-factor authentication enabled on any account that offers it, and make sure you’re using as strong a password as possible. And remember, "Think SMART when developing a PASSWORD!
 |
| ( click image to enlarge ) |
 | |
|
 | |
|
No comments:
Post a Comment