NEWS THIS WEEK: Ukrainian hacker with tied to DNC hack surrenders; Uber agrees to improve privacy; Scottish paliament hacked

August 19th, 2017

By Byron V. Acohido

In the news this week, a Ukrainian hacker called “Profexer” who built one of the tools used to penetrate the Democratic National Committee servers last year has turned himself in to authorities. The man, who first contacted Ukrainian police earlier this year, claims he wrote a piece of software called the PAS Web shell, which the Department of Homeland Security has identified as malware used in the hack. The hacker maintains that he wasn’t behind the attack, which resulted in the release of thousands of emails sent by DNC staffers during the presidential campaign. Because there is no evidence that he used the tool to carry out the attack, he wasn’t arrested. Profexer is in touch with the FBI and is able to identify users involved in the DNC hack by their online handles. Also emerging from Ukraine is a sharper picture of what the U.S. government believes is a Russian government hacking group known as Fancy Bear. American intelligence believes it is operated by Russian military intelligence. Sources: Technology Review, The New York Times

Neo-Nazi site claims it was hacked; Anonymous says maybe not

Members of the Anonymous hacktivist collective claim that neo-Nazi website the Daily Stormer may have faked a claim that it had been taken over by hackers. Web-hosting service GoDaddy removed the Daily Stormer after it published an article viciously insulting the activist killed after a car hit her at a white nationalist rally in Charlottesville, Virginia.  Later, a message posted on the site claimed to be from Anonymous hacktivists who had taken over the site. Source: Newsweek

Tech companies ask high court to protect customers’ privacy

More than a dozen technology and wireless companies called on the Supreme Court to make it harder for government officials to access individuals’ sensitive cellphone data. The case involves a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cell phone user’s whereabouts. The brief, signed by Apple, Facebook, Twitter, Snap and Google, said that as individuals’ data is increasingly collected through digital devices, greater privacy protections are needed under the law. Source: Reuters

Los Angeles launches Cyber Lab to help small, medium-size businesses

To help strengthen cybersecurity for local businesses, Los Angeles is launching Cyber Lab, a public-private partnership that will disseminate threat intelligence generated by its Integrated Security Operations Center. Based on an analysis of 1 billion security-related events per day and data aggregated from the federal government and key private sector sources, CyberLabLA will alert small and medium-size businesses to attacks as they occur. Larger businesses can receive automated updates to their own cyber defense systems. There is no cost for businesses to become a partner of the lab. Source: GCN.com

Uber reaches deal on privacy, security with FTC

Uber agreed to improve its privacy and security practices and to allow outsiders to monitor its progress for 20 years. The deal with the Federal Trade Commission would resolve complaints stemming from a 2014 incident in which a hacker gained access to the names and driver’s license numbers of more than 100,000 Uber drivers. Source: Wired

As electrical grids get smarter, they also become more vulnerable

Electricity distribution systems are being transposed to smart grids, which make use of two-way communication and computer processing. This is making them increasingly vulnerable to cyber attacks. “Sophisticated cyber attacks on advanced metering infrastructures are a clear and present danger,” according to a report in the International Journal of Critical Infrastructure Protection. Such attacks affect customers and distribution companies, and can include stealing data, stealing power, disrupting the grid, and denying customers power. Source: Science Daily

Hackers go after Scottish Parliament with ‘brute force’ attack

The Scottish Parliament has been targeted by a “brute force” cyber attack. Chief executive Sir Paul Grice said the attack, from “external sources,” was similar to that which affected Westminster in June. A “brute force” attack involves hackers repeatedly trying to access systems using a range of different passwords, in the hope of effectively guessing the correct password through trial and error. Source: BBC

State Department increases cybersecurity efforts with new office

The State Department established a new office earlier this year within its Diplomatic Security Service to safeguard against and respond to cybersecurity threats. The Cyber and Technology Security directorate “facilitates the conduct of global diplomacy by protecting life, property, and information with advanced cybersecurity programs and risk-managed technology innovation.” Source: The Hill

NIST looks for public comment on privacy and security controls

The National Institute of Standards and Technology is seeking public comments on a draft version of its updated special publication on privacy and security controls for government and industry data systems. NIST will accept public feedback through Sept. 12 with a plan to release the final draft of the document before the end of 2017. Source: ExecutiveGov.com

Bank of America used as bait in phishing scam

Phishing emails that appear to be from Bank of America contain fraudulent “account security validation” messages that ask recipients to update personal data. Some emails look authentic, but Bank of America warns consumers to remain skeptical of messages that claim to be from its customer service department. Source: KCRA, Charlotte, N.C.

This column originally appeared on ThirdCertainty.com