The FBI’s IDLE program uses “obfuscated” data to hide real data from hackers and insider threats, making data theft harder and giving security teams a tool to spot illicit access. (credit: Getty Images)

The Federal Bureau of Investigation is in many ways on the front lines of the fight against both cybercrime and cyber-espionage in the US. These days, the organization responds to everything from ransomware attacks to data thefts by foreign government-sponsored hackers. But the FBI has also begun to play a role in the defense of networks before attacks have been carried out, forming partnerships with some companies to help prevent the loss of critical data.

Sometimes, that involves field agents proactively contacting companies when they have information about a threat—as two FBI agents did when they caught wind of researchers trying to alert casinos to vulnerabilities they said they had found in casino kiosk systems. “We have agents in every field office spending a large amount of time going out to companies in their area of responsibility establishing relationships,” Long T. Chu, acting assistant section chief for the FBI’s Cyber Engagement and Intelligence Section, told Ars. “And this is really key right now—before there’s a problem, providing information to help these companies prepare their defenses. And we try to provide as specific information as we can.”

But the FBI is not stopping its consultative role at simply alerting companies to threats. An FBI flyer shown to Ars by a source broadly outlined a new program aimed at helping companies fight data theft “caused by an insider with illicit access (or systems administrator), or by a remote cyber actor.” The program, called IDLE (Illicit Data Loss Exploitation), does this by creating “decoy data that is used to confuse illicit… collection and end use of stolen data.” It’s a form of defensive deception—or, as officials prefer to call it, obfuscation—that the FBI hopes will derail all types of attackers, particularly advanced threats from outside and inside the network.


from Biz & IT – Ars Technica https://ift.tt/2PG9x05
https://arstechnica.com

Promotional image of gas station. (credit: Wawa)

US convenience store Wawa said on Thursday that it recently discovered malware that skimmed customers’ payment card data at just about all of its 850 stores.

The infection began rolling out to the store’s payment-processing system on March 4 and wasn’t discovered until December 10, an advisory published on the company’s website said. It took two more days for the malware to be fully contained. Most locations’ point-of-sale systems were affected by April 22, 2019, although the advisory said some locations may not have been affected at all.

The malware collected payment card numbers, expiration dates, and cardholder names from payment cards used at “potentially all Wawa in-store payment terminals and fuel dispensers.” The advisory didn’t say how many customers or cards were affected. The malware didn’t access debit card PINs, credit card CVV2 numbers, or driver license data used to verify age-restricted purchases. Information processed by in-store ATMs was also not affected. The company has hired an outside forensics firm to investigate the infection.


from Biz & IT – Ars Technica https://ift.tt/34DHHpQ

Dark Overlord taunted, threatened, and extorted. Now alleged member is behind bars

(credit: Adam Jones, Ph.D.)

Federal authorities say they have taken custody of a UK man who was a member of The Dark Overlord, a group that has taken credit for hacking into more than a dozen companies, stealing valuable data, and then demanding ransoms for its return. Stolen material included then-unreleased episodes of popular television shows and millions of patient records.

Nathan Wyatt, 39, was extradited from the United Kingdom to St. Louis, Missouri, after losing a year-long legal fight to block the transfer. Wyatt was arraigned in US District Court for the Eastern District of Missouri on Wednesday. He pleaded not guilty.

An indictment unsealed in the case alleged Wyatt participated in hacks on three healthcare providers, a medical records company, and an accounting firm. The indictment said Wyatt conspired with other members of The Dark Overlord to hack into the companies, steal their valuable data, and threaten to publish it unless they received payments in bitcoin.


from Biz & IT – Ars Technica https://ift.tt/2ECXkD7

Contractor admits planting logic bombs in his software to ensure he’d get new work

(credit: Getty Images | ullstein bild)

Many IT workers worry their positions will become obsolete as changes in hardware, software, and computing tasks outstrip their skills. A former contractor for Siemens concocted a remedy for that—plant logic bombs in projects he designed that caused them to periodically malfunction. Then wait for a call to come fix things.

On Monday, David A. Tinley, a 62-year-old from Harrison City, Pennsylvania, was sentenced to six months in prison and a fine of $7,500 for the scheme. The sentence came five months after he pleaded guilty to a charge of intentional damage to a protected computer. Tinley was a contract employee for Siemens Corporation at its Monroeville, Pennsylvania, location.

According to a charging document filed in US District Court for the Western District of Pennsylvania, the logic bombs Tinley surreptitiously planted into his projects caused them to malfunction after a certain preset amount of time. Because Siemens managers were unaware of the logic bombs and didn’t know the cause of the malfunctions, they would call Tinley and ask him to fix the misbehaving projects. The scheme ran from 2014 to 2016.


from Biz & IT – Ars Technica https://ift.tt/2Ey2foT

Hackers steal data for 15 million patients, then sell it back to lab that lost it

(credit: US Air Force/Senior Airman Katie Gieratz)

Canada’s biggest provider of specialty laboratory testing services said it paid hackers an undisclosed amount for the return of personal data they stole belonging to as many as 15 million customers.

Toronto, Ontario-based LifeLabs notified Canadian authorities of the attack on November 1. The company said a cyberattack struck computer systems that stored data for about 15 million customers. The stolen information included names, addresses, email addresses, customer logins and passwords, health card numbers, and lab tests.

The incident response, company President and CEO Charles Brown said in a statement, included “retrieving the data by making a payment.” The executive added: “We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals.” The statement didn’t say how much LifeLabs paid for the return of the data. Representatives didn’t immediately respond to an email seeking the amount.


from Biz & IT – Ars Technica https://ift.tt/2S4RIK0

Artist’s impression of automated IoT devices connected via 5G: two toy robots listen to each other through tin cans connected by a laser beam. (credit: Aurich Lawson / Getty)

It’s true that inorganic users don’t yell at customer-service reps or trash-talk companies on Twitter. But connected devices can also benefit from some less-obvious upgrades that 5G should deliver—and we, their organic overlords, could profit in the long run.

You may have heard about 5G’s Internet-of-Things potential yourself in such gauzy statements as “5G will make every industry and every part of our lives better” (spoken by Meredith Attwell Baker, president of the wireless trade group CTIA, at the MWC Americas trade show in 2017) and “It’s a wholly new technology ushering in a new era of transformation” (from Ronan Dunne, executive vice president and CEO of Verizon’s consumer group, at 2019’s Web Summit conference).

But as with 5G in the smartphone and home-broadband contexts, the ripple effects alluded to in such statements are potentially huge—and they will take years to land on our shores. Yes, you’ve heard this before: the news is big, but it’s still early days.


from Biz & IT – Ars Technica https://ift.tt/2PXrw17

Viasat-2, a satellite launched by Viasat in 2017. (credit: Viasat)

The Federal Communications Commission is giving $87.1 million in rural-broadband funding to satellite operator Viasat to help the company lower prices and raise data caps.

The FCC’s Connect America Fund generally pays ISPs to expand their networks into rural areas that lack decent home Internet access. Viasat’s satellite service already provides coverage of 98 percent of the US population in 50 states, so it doesn’t need government funding to expand its network the same way that wireline operators do. But Viasat will use the money to offer Internet service “at lower cost to consumers, while also permitting higher usage allowances, than it typically provides in areas where it is not receiving Connect America Fund support,” the FCC said in its announcement yesterday.

Viasat’s $87.1 million is to be used over the next 10 years “to offer service to more than 121,700 remote and rural homes and businesses in 17 states.” Viasat must provide speeds of at least 25Mbps for downloads and 3Mbps for uploads.


from Biz & IT – Ars Technica https://ift.tt/2Pxl3ei

Stock photo of a gravedigging machine in front of a headstone. (credit: elycefeliz / Flickr)

In late January, the wife of a cryptocurrency-exchange founder testified that her husband inadvertently took at least $137 million of customer assets to the grave when he died without giving anyone the password to his encrypted laptop. Now, outraged investors want to exhume the founder’s body to make sure he’s really dead.

The dubious tale was first reported in February, when the wife of Gerry Cotten, founder of the QuadrigaCX cryptocurrency exchange, submitted an affidavit stating he died suddenly while vacationing in India, at the age of 30. The cause: complications of Crohn’s disease, a bowel condition that is rarely fatal. At the time, QuadrigaCX lost control of at least $137 million in customer assets because it was stored on a laptop that—according to the widow’s affidavit—only Cotten knew the password to.

Widow Jennifer Robertson testified that she had neither the password nor the recovery key to the laptop. The laptop, she said, stored the cold wallet—that is, a digital wallet not connected to the Internet—that contained the digital currency belonging to customers of the exchange. In addition to at least $137 million in digital coin belonging to more than 100,000 customers, another $53 was tied up in disputes with third parties, investors reported at the time.


from Biz & IT – Ars Technica https://ift.tt/36PdxRX

iDevices finally get key-based protection against account takeovers

(credit: Yubico)

For the past couple of years, iPhone and iPad users have been relegated to second-class status when it comes to a cross-industry protocol that promises to bring effective multi-factor authentication to the masses. While Android, Windows, Mac, and Linux users had an easy way to use the fledgling standard when logging into Google, GitHub, and dozens of other sites, the process on iPhones and iPads was either painful or non-existent.

Apple’s reticence wasn’t just bad for iPhone and iPad users looking for the most effective way to thwart the growing scourge of account takeovers. The hesitation was bad for everyone else, too. With one of the most important computing platforms giving the cold shoulder to WebAuthn, the fledgling standard had little chance of gaining critical mass.

And that was unfortunate. WebAuthn and its U2F predecessor are arguably the most effective protection against the growing rash of account takeovers. They require a person logging in with a password to also present a pre-enrolled fingerprint, facial scan, or physical security key. The setup makes most existing types of account takeovers impossible, since they typically rely solely on theft of a password.


from Biz & IT – Ars Technica https://ift.tt/34vG5hN

Stock photo of empty jail cell. This listing image is slightly hyperbolic—Nginx co-founders Sysoev and Konovalov didn’t do time in jail, they were “just” detained and interrogated at gunpoint in their homes at 7am local time. (credit: Ken Mayer / Flickr)

Maxim Konovalov and Igor Sysoev—founders and creators of the popular Web server software Nginx—were arrested, detained, and interrogated last Thursday. Sysoev’s former employer, Rambler—Russia’s third-largest Internet company, which occupies a position in the Russian-language Internet roughly similar to that of Yahoo or AOL at their height in the English-speaking world—alleged that it owned the rights to Nginx’s source code, because Sysoev originally developed it while an employee at Rambler.

In an interview with Meduza.io—a news site focusing on Russian and former Soviet Union reporting—founder Konovalov decried Rambler’s move as “a typical racket, simple as that,” and he went on to state that no attempt had been made to negotiate with or even notify him or Sysoev before the raid happened. Their first indication of a problem came with the police raids which detained the two, seized IT equipment from them, and interrogated them early that morning. Konovalov described the raid as “professional and polite, if you exclude the fact that special forces agents were standing around with automatic weapons… then there were interrogations. Generally speaking, the questions weren’t particularly interesting or pleasant.”

Konovalov characterized the move as a money-grabbing shakedown from the current leadership at Rambler, inspired by Nginx’s $670 million acquisition by American tech giant F5 Networks approximately six months earlier.


from Biz & IT – Ars Technica https://ift.tt/2RXJZxa