All posts in “hacking”

Turns out Russia went after Wisconsin’s voter registration system

It's official.

Image: Janie Osborne /Getty Images

Another piece of the messed-up puzzle that was the 2016 U.S. presidential election fell into place today, as the Department of Homeland Security confirmed that “Russian government cyber actors” targeted the voter registration system of a key battleground state. 

While U.S. officials had already claimed that the Russian government went after 21 states’ voter registration systems, this is the first time that specific states have been publicly named. And, sorry to say it Wisconsin, you have the dubious distinction of being the state in the spotlight. 

According to Reuters, the Department of Homeland Security notified all 21 states on Sept. 22, with Wisconsin Elections Commission Administrator Michael Haas identifying his state as being affected soon after.

The news agency reports Haas saying that the Russian government “scanned internet-connected election infrastructure likely seeking specific vulnerabilities such as access to voter registration databases, but the attempt to exploit vulnerabilities was unsuccessful.”

NPR reports that officials from Washington and Connecticut also copped to the fact that their states’ voter registration systems were targeted by Russian government hackers. 

Importantly, the voter registration system is not the same as the actual machines used to cast votes — and Matt Tait of cybersecurity firm Capital Alpha Security issued a warning to everyone currently freaking out. 

That sentiment, combined with the fact that DHS officials told Congress in June that it had no proof of actual successful vote tampering by the Russian government, suggests that while this is a big story, it’s not a “Russia stole the election” story. 

Still, the fact stands that Wisconsin was a key battleground state in last year’s election, and with today’s revelation we now know that Russian officials were at least up to no good there. 

As more officials come out and identify their states as also being targeted, which they are sure to do, we’re likely to get a better picture — piece by hacked piece — of just what went down last year. 


Paying for antivirus software is mostly BS

You’re just an average consumer, trying to keep your expensive electronics free from malware. And so you, like many before you, decide to pony up and pay for some fancy antivirus software. But this isn’t the ’90s, and it turns out that you might just be being taken for a ride. 

Much has changed since the heyday of programs like Norton AntiVirus, and these days installing third-party software on your computer might actually do more harm than good. Figuring out the difference between vital protection and dangerous bloatware is a tricky task, but it’s not one you can afford to ignore.

There are, of course, still plenty of reasons to be concerned about malicious software. For example, on Sept. 18 we learned that hackers piggybacked malware onto a PC-optimizing software known as CCleaner — potentially affecting millions of computers in the process. However, a breach of that sort doesn’t automatically mean you should rush out and buy something like McAfee AntiVirus Plus. 

While many antivirus services offer legit tools to defend your PC, chances are you can get decent levels of protection for free. In the case of Windows machines, consumers can turn toward Windows Defender.

“Windows Defender is malware protection that is included with and built into Windows 8,” the company explains. “This software helps identify and remove viruses, spyware, and other malicious software.” 

In fact, according to Microsoft, if you’re using Windows Defender you shouldn’t use other antivirus software. “If you install two different kinds of antivirus software, they might conflict,” notes a product page. “If you want to use antivirus software from another provider, uninstall Windows Defender first.”

Macs, too, offer some form of built-in protection against malware. Notably, macOS includes something called “Gatekeeper” that limits what can and can’t be downloaded. 

“Developers can get a unique Developer ID from Apple and use it to digitally sign their apps,” explains an Apple security page. “The Developer ID allows Gatekeeper to block apps created by malware developers and to verify that apps haven’t been tampered with. If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.”

Boxes everywhere.


Image: LightRocket/Getty Images

Now this is not to say that a computer protected by either Windows Defender or built-in Mac security measures is free from risk. Far from it. Enterprise users, for example, should definitely spend money ensuring their cybersecurity game is on point. However, for noncommercial users the state of affairs is vastly different from earlier times when you pretty much needed paid virus-scanning software in order to safely operate online. 

Users looking for extra protection can instead get decent stuff for free, but it’s a tricky proposition.  

One such free offer is Kaspersky Free, the makers of which claim it “automatically blocks dangerous downloads – and automatically warns you about malicious websites.” That software, which, interestingly, The New York Times reports is in the process of being booted from U.S. government computers over alleged (and denied) ties to the Russian government, has received high scores from security professionals according to PC Magazine. That’s just one example of many. 

So why do people still pay for this stuff? Many may feel like they need to, which is a position that benefits the manufacturers of such software. Others find it pre-installed on their computers, and then fork over the cash because they don’t know any better. 

That lack of clarity around antivirus software is, perhaps ironically, manifesting itself these days as a security risk. People end up downloading junk software that either intentionally or unintentionally leaves their systems open to attack, all because they didn’t realize that built-in Windows and Mac tools (plus some common sense) will fight most of the battle for them.  

And that’s a misconception that antivirus software providers are likely in no rush to clear up. Which, well, is a shame. Because in the end, that might just do us all more harm than good. 


Equifax was allegedly hacked months before the massive breach — by the same criminals

Jeez.

Image: RHONA WISE/EPA-EFE/REX/SHUTTERSTOCK

Equifax was hacked this past summer. You already know this. However, according to a new report, the company’s computer systems were also allegedly broken into in March. And here’s the kicker: The same crew might be responsible for both incidents. 

That’s right, the same culprits behind the theft of personal information on potentially 143 million Americans might have been poking around in Equifax’s databases months earlier. 

The news comes to us via Bloomberg, which notes that “three people familiar with the situation” told the publication about the alleged March intrusion. One of those three people claims “the breaches involve the same intruders.”

And it’s not like Equifax didn’t know about it at the time. As Bloomberg reports, the company hired a cybersecurity firm to investigate the March breach. But wait, it gets worse. 

That potentially the same hackers may have been able to return to Equifax’s systems to pilfer massive amounts of information is especially baffling considering the vulnerability the hackers reportedly used in the more recent breach was known in March, according to Bloomberg.  

However, the problem wasn’t fixed until the second hack was detected in July, the publication reports. That massive hack took place between May and July. 

“We know that criminals exploited a US website application vulnerability,” a company spokesperson wrote on September 15. “The vulnerability was Apache Struts CVE-2017-5638.”

Again, that Apache Struts vulnerability was reportedly known in March — meaning the company could very likely have prevented the incident later announced on September 7. The company was aware it had been breached and had the tools to fix a major problem with its site. And yet. 

In a statement to Bloomberg, however, Equifax claimed that the two hacks were unrelated. Meanwhile, The Wall Street Journal cites an unnamed source “familiar with the investigation” as saying that it looks like the hack was probably state-sponsored. No information was provided to back up that claim. 

This revelation will surely complicate matters for the Equifax executives who sold close to $2 million in stock before the public was alerted to the breach. The Senate Finance Committee is looking into the matter.


What to do if you downloaded the malware-infected CCleaner app

All you wanted was a faster computer. You thought that by downloading CCleaner, a popular and free app for optimizing PC performance, you’d sweep out those digital cobwebs and be zipping around your trusty Windows machine at lightning speeds in no time. 

But then CCleaner was compromised by hackers, and you learned that by installing it, you may have actually loaded malware onto your computer.

Thankfully for you, it’s easy to find out if your PC is potentially one of the likely millions affected by this breach. Also falling squarely in the “good news” category is the fact that if your device was infected, you can clean it right up. However, sorry to say, it’s going to be a pain. Oh, and some damage may have already been done. 

Checking your computer

First things first: How to determine if you’re at risk? According to Cisco Talos, the cybersecurity team that discovered CCleaner was compromised, the malicious payload was delivered between August 15, 2017 and September 12, 2017. So if during that window of time you moseyed on over to Piriform’s (the company that makes CCleaner) website and downloaded the software, you’re probably in trouble. 

Also, if you updated your CCleaner software during that almost month-long block of time, things are not looking good. Piriform issued a statement saying that versions 5.33.6162 and 1.07.3191 were impacted, so updating to either of those would have put you at risk. 

Check that version number.


Image: Cisco Talos

To see what version of the software you’re running, open it up and look in the upper-left corner. The version number will display, and if it’s not one of the two listed above you’ve likely been spared. If it is one of the two listed, you’re out of luck. 

What to do next

Regardless of what version you’re running, you should make sure your CCleaner is currently up to date. 

“Users of our cloud version have received an automated update,” the company said in its statement. “For all other users, if you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher, the latest version is available for download here.”

However, if you want to be extra sure the malware isn’t hiding out on your computer, Cisco Talos suggests taking things a step further.   

“Affected systems need to be restored to a state before August 15, 2017 or reinstalled,” the company explains in a blog post. “Users should also update to the latest available version of CCleaner to avoid infection.”

That’s right: you need to restore your computer to a point over a month ago. And then, of course, double check to make sure that your CCleaner is up to date. 

How bad is this breach?

How scared you should be about this malware all depends on who you ask. Piriform, perhaps unsurprisingly, says everything is taken care of and you can just update and chill.

“Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version,” VP of Products Paul Yung wrote in a company release. “Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”

But wait, it may not be all good. 

“The impact of this attack could be severe given the extremely high number of systems possibly affected,” explained Talos. “CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week. If even a small fraction of those systems were compromised an attacker could use them for any number of malicious purposes.”

In short, check if your version was compromised, restore and update as necessary, and hope for the best. Oh, and while you’re in the process of updating, maybe reconsider installing third-party software like CCleaner in the first place. 


Equifax screwed up yet again, and it’s scrambling to fix this latest mess

No surprise.

Image: RHONA WISE/EPA-EFE/REX/SHUTTERSTOCK

Equifax can’t seem to get anything right. After exposing the personal information of potentially 143 million Americans to hackers, the credit reporting agency is under fire yet again for the way it attempted to secure the credit reports of those affected. It turns out that process, too, was vulnerable to cybercriminals. 

Now, the company is scrambling to fix what can only be called a bungled response to the data breach. For some victims, it might even be too late. 

The problem lies in how Equifax went about implementing credit freezes — something consumers worried about identity theft and fraud should implement. Essentially, if you request a credit freeze, Equifax will no longer send out credit reports to those who request them. That means if someone tries to open up a credit card in your name, the issuing bank won’t be able to get a hold of your credit report. As such, they will deny the fraudulent application. 

But what happens if and when you decide that you need a new credit card? Well, then, you simply put in an unfreeze request and validate that it’s actually you (and not the aforementioned criminal) with a PIN provided by Equifax. Except, here’s the thing: The PIN wasn’t randomly generated. Instead, it was a timestamp based upon when you asked for the credit freeze. 

And you guessed it: those PINs are vulnerable to being brute-forced by hackers. 

In other words, if someone had your social security number and tried to do something shady — only to find your credit was frozen — they could unfreeze it by guessing your PIN. Not too hot, right?

The company is taking a lot of criticism for this online, and a spokesperson told Ars Technica that it would change the process by which PINs are generated. 

“While we have confidence in the current system, we understand and appreciate that consumers have questions about how PINs are currently generated,” explained the spokesperson. “We are engaged in a process that will provide consumers a randomly generated PIN. We expect this change to be effective within 24 hours.”

But what if you already received one of the shady PINs? Well then, you can request that Equifax change your existing one. Which, considering how badly the company has handled pretty much every aspect of this breach, is sure to go over flawlessly. 
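
The difference between a timestamp-derived PIN and a randomly generated one, as an added example that is not from the original article or from Equifax. The MMDDYYHHMM layout, the 10-digit length and the seven-day window are assumptions made for illustration; the article says only that the PIN was a timestamp of the freeze request.

```python
import math
import secrets
from datetime import datetime, timedelta

PIN_DIGITS = 10  # assumed PIN length (not stated in the article)


def timestamp_pin(requested_at: datetime) -> str:
    """Weak design: PIN is the request time, assumed MMDDYYHHMM layout."""
    return requested_at.strftime("%m%d%y%H%M")


def random_pin(digits: int = PIN_DIGITS) -> str:
    """Corrected design: each digit comes from the OS CSPRNG."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))


def timestamp_keyspace(window: timedelta) -> int:
    """Distinct minute-resolution PINs if the freeze date is known to within `window`."""
    return int(window.total_seconds() // 60)


def random_keyspace(digits: int = PIN_DIGITS) -> int:
    """Distinct PINs when every digit is independent and uniform."""
    return 10 ** digits


def entropy_bits(keyspace: int) -> float:
    """Guessing difficulty expressed in bits."""
    return math.log2(keyspace)


if __name__ == "__main__":
    sample = datetime(2017, 9, 8, 14, 30)  # constructed sample request time
    week = timedelta(days=7)               # assumed uncertainty about the request date
    print("timestamp PIN:", timestamp_pin(sample))
    print("random PIN:   ", random_pin())
    for label, space in (("timestamp", timestamp_keyspace(week)),
                         ("random", random_keyspace())):
        print(f"{label:>9}: {space:>14,} candidates, {entropy_bits(space):.1f} bits")
```

Under these assumptions the timestamp scheme leaves about 13 bits of uncertainty against roughly 33 bits for the random PIN, which is why a PIN used as an authenticator should never be derived from a guessable event time.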
