Subscribe free to our newsletters via your
. Military Space News .




Subscribe free to our newsletters via your




















CYBER WARS
Massive bureau hack raises troubling questions
By Rob Lever
Washington (AFP) Sept 8, 2017


143 mn affected in hack of US credit agency
San Francisco (AFP) Sept 8, 2017 - A major American credit reporting agency entrusted to safeguard personal financial information said Thursday hackers looted its system in a colossal breach that could affect nearly half the US population as well as people in Britain and Canada.

Equifax said that a hack it learned about on July 29 had the potential to affect 143 million US customers, and involved some data for British and Canadian residents.

The Atlanta-based company disclosed the breach in a release that did not explain why it waited more than a month to warn those affected about a risk of identity theft.

Filings with the US Securities and Exchange Commission showed that three high-ranking Equifax executives sold shares worth almost $1.8 million in the days after the hack was discovered.

An Equifax spokesperson told AFP the executives "had no knowledge that an intrusion had occurred at the time they sold their shares."

Copies of SEC filings regarding the transactions were on an investor relations page at the company's website.

Equifax collects information about people and businesses around the world and provides credit ratings used for decisions regarding loans and other financial matters.

It also touts a service protecting against identity theft.

"The fact that it is a credit company that people pay to be protected from breaches, and now they have been breached... it feels like a betrayal of trust to a point," said Aires Security chief executive Brian Markus, whose firm specializes in computer network defenses.

He considered the breach "gigantic," made worse by the fact that Equifax stores extensive personal information about people and keeps it up to date.

Markus wondered what level of responsibility Equifax is going to take if stolen information is used for fraud or identity theft, and advised people to enlist credit monitoring services to alert them to trouble.

- 'Strikes at the heart' -

Equifax released a statement saying that it learned of the breach on July 29 and "acted immediately" with the assistance of an independent cybersecurity firm to assess the impact.

"Criminals exploited a US website application vulnerability to gain access to certain files," the statement said.

An internal investigation determined the unauthorized access occurred from mid-May through July 2017, according to the company.

Equifax said the hackers obtained names, social security numbers, birth dates, addresses and, in some instances, driver's license numbers from the database, potentially opening up victims to identity theft.

The company said credit card numbers were compromised for some 209,000 US consumers, as were credit dispute documents for 182,000 people.

Equifax vowed to work with British and Canadian regulators to determine appropriate next steps for customers affected in those countries, but added in the release that it "found no evidence that personal information of consumers in any other country has been impacted."

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," said company chairman and chief executive Richard Smith.

"I apologize to consumers and our business customers for the concern and frustration this causes."

He added that Equifax is reviewing its overall security operations.

Equifax said it had established a website to enable consumers to determine if they are affected and would be offering free credit monitoring and identity theft protection to customers.

The company is the latest to announce a major breach. Yahoo last year disclosed two separate cyber attacks which affected as many as one billion accounts.

It could be the worst-ever data breach for American consumers, exposing some of the most sensitive data for a vast number of US households.

The hack disclosed this week at Equifax, one of the three major credit bureaus which collect consumer financial data, potentially affects 143 million US customers, or more than half the adult population.

While not the largest breach -- Yahoo attacks leaked data on as many as one billion accounts -- the Equifax incident could be the most damaging because of the nature of data collected: bank and social security numbers and personal information of value to hackers and others.

"This is the data that every hacker wants to steal your identity and compromise your accounts," said Darren Hayes, a Pace University professor specializing in digital forensics and cybersecurity.

"It's not like the Yahoo breach where you could reset your password. Your information is gone. There's nothing to reset."

Some reports suggested Equifax data was being sold on "dark web" marketplaces, but analysts said it was too soon to know who was behind the attack and the motivation.

"This could be a mercenary group or it could be a nation-state compiling it with other data" for espionage purposes, said James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a Washington think tank.

"This is the kind of information I would go after if I were a nation-state, to set up psychographic targeting for information and political warfare."

- National security risks -

Peter Levin, chief executive at the data security firm Amida Technology Solutions and a former federal cybersecurity official, said he is concerned over the national security impact of the breach, which follows a leak of data on millions of US government employees disclosed in 2015.

"The implications with regard to national security are very large," he said.

Because most federal employees also have credit reports, "those people have now been hacked twice," Levin said, offering potential adversaries fresh data to be used against them.

"We've just given the bad guys a lot more information," he said. "Even if they didn't perpetrate the attack, they can buy the data."

An FBI statement said the US law enforcement agency "is aware of the reporting and tracking the situation as appropriate."

The breach raised numerous questions among experts, such as why the company waited more than a month to notify consumers after learning of the attacks July 29.

Some analysts expressed concern that a company with a mission to safeguard sensitive data allowed a breach of this scope to take place.

"Equifax knew it was a prime target for cyberattacks," said Annie Anton, who chairs the Georgia Tech School of Interactive Computing and specializes in computer security research.

"It's amazing that one flaw could lead to a breach involving 140 million people. They should have safeguards in place. Even if a breach happens, it shouldn't grow to that scale."

Even more surprising, Anton said, is that Equifax still used social security numbers for verification despite the known risks from storing these key identifiers.

Anton noted that she testified before Congress in 2007 recommending that credit bureaus be required to use alternatives to social security numbers "and it still hasn't been fixed."

Some details of the attack remain unclear, including whether the data stolen was encrypted -- which would make it harder for the hackers to monetize.

At least two class-action lawsuits on behalf of consumers were filed following the disclosure claiming Equifax failed to adequately protect important data.

Equifax "should have been better prepared for any attempt to penetrate its systems," said attorney John Yanchunis, who filed one of the lawsuits.

Separate lawsuits announced Friday meanwhile said Equifax may have violated securities laws by allowing three high-ranking Equifax executives to sell shares worth almost $1.8 million in the days after the hack was discovered.

An Equifax spokesperson told AFP the executives "had no knowledge that an intrusion had occurred at the time they sold their shares."

Equifax stock fell 13.6 percent in New York trades on Friday following the disclosure.

- How to respond-

The potential impact of the Equifax breach prompted some experts to suggest the government revisit the idea of social security numbers issued for life.

"The government should consider changing social security numbers since there have been so many breaches," Hayes said.

Levin added that he "would be in favor of issuing new social security," even though "it's a fraught political discussion."

Others said the US could follow a European rule set to take effect in 2018 requiring companies to notify consumers within 72 hours of a data breach.

"Companies will put more into cybersecurity if there are tough penalties associated with data breaches," Hayes said.

The House Financial Services Committee will hold hearings on the breach, committee chair Jeb Hensarling said while expressing concern over a "very troubling situation."

New York state attorney general Eric Schneiderman said his office was launching a formal probe to determine if Equifax adequately notified consumers and had appropriate safeguards in place.

CYBER WARS
EU defence ministers put to test in mock cyberattack
Tallinn (AFP) Sept 7, 2017
A major cyberattack targets European Union military structures, with hackers using social media and "fake news" to spread confusion, and governments are left scrambling to respond as the crisis escalates. This was the scenario facing a gathering of EU defence ministers in Tallinn on Thursday as they undertook a exercise simulating a cyber assault on the bloc - the first mock drill of its ki ... read more

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Thanks for being here;
We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain.

With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords.

Our news coverage takes time and effort to publish 365 days a year.

If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.

SpaceDaily Contributor
$5 Billed Once


credit card or paypal
SpaceDaily Monthly Supporter
$5 Billed Monthly


paypal only

Comment using your Disqus, Facebook, Google or Twitter login.

Share this article via these popular social media networks
del.icio.usdel.icio.us DiggDigg RedditReddit GoogleGoogle

CYBER WARS
S. Korea, US deploy missile defence amid China protest

S.Korea, US to deploy more anti-missile defences: Seoul

S. Korea launches missile drill after North's nuclear test

US cites its nuclear capabilities in defense against N.Korea

CYBER WARS
Turkey signs deal to buy Russian S-400 missile systems

Atlantic Diving Supply receives $17.6 million contract for rocket launchers

Raytheon receives $614.5M for SM-3 Block IIA ballistic missile interceptors

Lockheed completes intitial design of helicopter-mounted missile jammers

CYBER WARS
AUD counter-drone system upgraded by Blighter

Atlas Dynamics Introduces Fixed Wing UAV with 5-Hour Flight Time, 150 Kilometer Operational Range

Atlas Dynamics Unveils NEST Smart Protective Charging Station for Enhanced Performance of Atlas Pro Platform

X-37B Flies Again In First SpaceX Launch

CYBER WARS
82nd Airborne tests in-flight communication system for paratroopers

North Dakota UAS Training Center Depends on IGC Satellite Connectivity

Northrop awarded contract for support of Air Force communications system

Industry team demonstrates Low Cost Terminal for AEHF satellites

CYBER WARS
Army ordering new shoulder-fired recoilless rifles

Australia developing wearable 'Fight Recorder' for soldiers

Marines use freeze-dried plasma to save foreign ally

Mobile Camouflage System displayed at DSEI 17

CYBER WARS
Trump pushes hardware to allies -- and ups pressure on N.Korea

United Technologies buying Rockwell Collins for $30 billion

Middle East conflicts boost Bulgarian arms exports

Defence firms eye billion-dollar chance for 'made in India'

CYBER WARS
Row in Moldova over US military drills in Ukraine

German MPs in Turkey for soldier visit amid tensions

Russia tells NATO not to worry over war games

Joint military drills begin in Ukraine as Russian war games loom

CYBER WARS
UMass Amherst environmental chemist flashes warning light on new nanoparticle

A more complete picture of the nano world

What the world's tiniest 'monster truck' reveals

Carbon nanotubes worth their salt




Memory Foam Mattress Review
Newsletters :: SpaceDaily :: SpaceWar :: TerraDaily :: Energy Daily
XML Feeds :: Space News :: Earth News :: War News :: Solar Energy News






The content herein, unless otherwise known to be public domain, are Copyright 1995-2017 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement