China calls OPM hack accusation ‘groundless’

June 5, 2015

By Byron Acohido, ThirdCertainty

China accused the United States of “groundless accusations” and being “irresponsible” in blaming Chinese hackers for a data breach that could be the biggest cyber attack in U.S. history. Four million federal workers may have had their personal data exposed, and officials said the hack could affect every U.S. government agency. U.S. officials and lawmakers identified the likely culprit as China. However, China Foreign Ministry spokesman Hong Lei said it was hard to prove who was responsible for cyber attacks. “Without the thorough investigation, you jump to a conclusion so quickly.” He stopped short of an outright denial but said China was against cyber attacks. China has been battling hacks on its own soil in recent days. A report by state news agency Xinhua said that a group known as OceanLotus had stolen information from its government. Sources: NBC News; The (U.K.) Independent

A kernel of prevention

As Apple prepares for its Worldwide Developers Conference to open June 8, speculation is surging about what will be introduced. One of the expected announcements will be about OS X 10.11, which could focus on enhancements and security features. The new operating system may have a “kernel-level” feature named “Rootless” that will basically be malware’s worst enemy. Rootless is expected to increase extension security and preserve sensitive data. Source: Gizmodo


Duck and cover

We are in the early years of a cyber war arms race, security guru Bruce Schneier told delegates at the Infosecurity Europe exhibition. Schneier, CTO of Resilient Systems, said the Stuxnet attacks on Iran by the U.S. and Israel in 2010, Iran’s attack on Saudi Aramco, China’s apparent role in hacking GitHub, and the North Korean assault on Sony last year are all examples. “These nations are building up for cyber war, and now we’re all in the blast radius,” he said in London. Most of these attacks inflict collateral damage, Schneier said, adding that cyber strikes are likely to become the mainstream aspect of many conflicts. Source: The Register

I’ll take a flat screen, a laptop …

Federal officials arrested seven Sacramento, Calif., residents in an alleged massive mail fraud and identity theft scheme with more than 2,200 victims. A nonprofit organization for disabled kids was among those hit. The U.S. Attorney’s criminal complaint alleges the suspects had the equipment to put stolen account numbers onto blank credit cards. They then used the cards to buy such things as expensive electronics. The suspects face up to 15 years in prison. Source: KHTK, Sacramento


Cracked piggy banks

Payroll and computer-repair companies could be a weak link in some financial advisers’ cybersecurity plans. The Securities and Exchange Commission, which oversees investment advisers, has issued guidance on how firms can monitor vendors who help them run their businesses, but an SEC examination of 57 broker-dealers and 49 registered investment advisers revealed that most had experienced cyber attacks directly or through their vendors, according to a February report. And 30 percent of 40 banking organizations surveyed by the New York Department of Financial Services did not appear to require outside vendors to notify them of breaches, according to an April report. Source: Reuters

To tell or not to tell

Google and Facebook are caught in the middle of a clash between European Union lawmakers on whether the U.S. tech giants should be covered by rules forcing companies to report cyber attacks to government agencies in the 28-nation bloc. While the European Commission wants search engines and social networks included in a revamped law on network and information security, some lawmakers want to focus more on critical infrastructure such as banks and power stations. The proposed rules would impose some of the world’s toughest reporting requirements on companies considered vital to European markets, including banks, utilities and health and transport providers. Source: Bloomberg Business


We’ll share what we know

Microsoft gave its privacy policy and service agreement a face-lift and offered users a central clearinghouse to manage privacy settings for data the company keeps on them. The privacy dashboard (in the Security and Privacy section of Microsoft’s account administration page) gives users links to control data stored for personalizing their experience on Bing, which apps and services use their information, whether Microsoft personalizes ads for them, and whether the company can market to them via email. Source: PCWorld

Across the nation

Federal officials charged Kenosha, Wis., resident Meo Peng with conspiring to engage in wire fraud, identity theft and misuse of the United States’ Automated Export System to further criminal activity. Peng has agreed to plead guilty to such activities using others’ identities to buy luxury vehicles for export to China. … Allen University in Columbia, S.C., will add a computer science major with a cybersecurity concentration to its curriculum. … About 51 cadets from across the nation are expected at the Cyber Defense Training Academy starting June 8, at Joint Base San Antonio-Lackland. Civil Air Patrol cadets will learn about cybersecurity to prepare for national competitions such as CyberPatriot and the National Collegiate Cyber Defense Competition. Sources: Fox6, Milwaukee; Florence (S.C.) Morning News; San Antonio Business Journal
