The U.S. House of Representatives is introducing an additional layer or security at parking garages below House office buildings in an effort to ensure 100 percent of the people entering the buildings have been properly screened before entering. The Capitol’s Sergeant at Arms is bringing the House office buildings’ parking garages within its secure perimeter, according to the Committee on Administration. Currently, security procedures allow drivers who park in the garages in the Rayburn, Longworth, and Cannon office buildings to enter the buildings from the garage without having to go through metal detectors or running their bags through x-ray machines. Drivers must have the proper staff identification and parking permits to enter the garage, but employees who park in any of the of the House office building garages are not subject to the same security screening as employees and visitors who enter on foot. On Feb. 22, the first phase of screening will be introduced at Longworth, Cannon, and Ford House Office Buildings. The second phase will begin in the fall and is expected to encompass Rayburn. Upon completion, the staff will be required to utilize any of 7 access points in the garages to access the House Office buildings. The access points will be equipped with metal detectors and a machine to screen bags.
British police have arrested a teenager in connection to multiple high-profile attacks on senior intelligence leaders in the US. The hacker calls himself Cracka and is the apparent leader of a group called Crackas with Attitude. He is 16 years old and claimed responsibility for breaking into the personal accounts of CIA director John Brennan, Director of National Intelligence James Clapper, Secretary of Homeland Security Jeh Johnson, and FBI Deputy Director Mark Giuliano. Cracka portrayed himself as opposed to US foreign policy. He also may be connected to a November hack that exposed information for thousands of law enforcement and military personnel.
The computers at the Hollywood Presbyterian Medical Center have been down for more than a week as the Southern California hospital works to recover from a Ransomware attack. While HPMC officials are cooperating fully with the Los Angeles Police Department and the U.S. Federal Bureau of Investigation to discover the identity of the attackers, the network is still offline and staff are struggling to deal with the loss of email and access to some patient data. The hospital's President and CEO, Allen Stefanek, said the situation was declared an internal emergency, reportedly saying that the hospital's emergency room systems have been sporadically impacted by the malware. Some patients were transported to other hospitals due to the incident. In other parts of the hospital, computers essential for various functions, including CT scans, documentation, lab work, and pharmacy needs are offline. Registrations and medical records are being logged on paper and staff have been told to leave their systems offline until told otherwise. As of now, the attack has been designated as random.
Wall Street Journal (02/17/16) Spector, Mike
Apple will resist a court order to unlock an iPhone in the name of protecting consumer data. Auto makers, on the other hand, have other ideas. Americans often authorize these companies to collect mass amounts of data when purchasing a car. While the auto makers have developed voluntary privacy principles to protect consumer data, these principles do not necessitate customer permission before sharing data in response to a subpoena or similar inquiry. Permission isn’t required when data is used or shared “as reasonably necessary to comply with a lawful government request, regulatory requirement, legal order, or similar obligation,” according to a letter car company representatives sent to the Federal Trade Commission in November 2014. And a recent report found large cybersecurity gaps in vehicles that raised questions over how car companies treat data. The voluntary principles are in the spotlight, with some contending they do not ensure consumers can prevent data collection. This includes black boxes, which can track crash data and figures relating to air bag deployments, vehicle speed, and other information. Auto makers have recently launched a research initiative aimed at evaluating and sharing information about cybersecurity threats.
Apple CEO Tim Cook said that his company will resist a U.S. judge's order to access encrypted data hidden on a cellphone that belonged to the terrorist couple who killed 14 people in San Bernardino, California, last year. Cook said that such a move would undermine encryption by creating a backdoor that could potentially be used on other future devices. "In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone's physical possession," Cook said. The tech industry and the White House have long been at odds over how much access government agencies should be given to private phone data. Recently, Comey, Atty. Gen. Loretta Lynch and other national security leaders met with representatives from Google, Apple and Facebook to try and find common ground that would help investigators gain critical information about possible terror plots without compromising the privacy of the companies' customers. The order, signed by U.S. Magistrate Judge Sheri Pym in Riverside, California, does not ask Apple to break the phone's encryption but rather to disable the feature that wipes the data on the phone after 10 incorrect tries at entering a password. That way, the government can try to crack the password using “brute force” — attempting tens of millions of combinations without risking the deletion of the data. Apple says it has cooperated with the Federal Bureau of Investigation during the investigation, complying with valid search warrants and subpoenas. The company says the government now effectively wants it to create a new version of its iPhone software that bypasses important security measures.
A new report from Moscow-based cybersecurity firm Kaspersky Lab outlines a sophisticated group of Russian hacker's exploitation of commercial satellites to help obfuscate their efforts to steal sensitive data from diplomatic and military targets in Europe and the United States. The group is refereed to by some as Turla, after the malicious software it makes use of, and it has targeted government organizations, embassies, and companies in Russia, China, and dozens of other countries. Research groups and pharmaceutical firms have also been targets. Turla's technique involves first infecting a target computer with malware via a watering hole attack on a website they know the target frequently visits. Once Turla has control of the target computer, it instructs the computer to send stolen data to the IP address of an unsuspecting satellite Internet user being spoofed by Turla. Because the data is beamed out over the entire range of the satellite's beam, which can be thousands of miles, the location of the command and control servers receiving the data is effectively hidden. According to Kaspersky's Stefan Tanase, Turla tends to use satellite Internet connections in the Middle East and Africa, likely in an effort to avoid the scrutiny of security researchers and law enforcement. While Kaspersky does not link Turla to the Russian government, other researchers have.
Washington Post (09/10/15) Nakashima, Ellen
Fiat Chrysler Automobiles U.S. arm said it would recall 7,810 sport utility vehicles in the United States to update software for radios to prevent hacking. The announcement comes more than a month after the company recalled about 1.4 million vehicles in the United States for the software update. Cybersecurity researchers used the Internet to turn off a car's engine as it drove. The recalled vehicles include the 2015 Jeep Renegade SUVs equipped with 6.5-inch touchscreens. More than half of the recalled vehicles remain with dealers and will be serviced before they are sold.
New York Times (09/04/15)
In today’s America, it is no longer uncommon to wake up to news of an aggravated attack, shooting, or terrorist event. Both Lafayette, LA and Nashville, TN have been recent hosts to theater shootings. On top of that, who can forget the horrific shooting within the historic church in South Carolina? Regardless of the motive, all of these crimes have one thing in common – tragedy.
And you thought tax season was stressful.
This week the IRS discovered it had experienced a data breach,according to the AP. Hackers stole the information of more than 100,000 people through online system provided by the agency called "Get Transcript" that lets users view their previous tax returns and other filings. The system was targeted from February to May of this year, with about 200,000 attempts made by the hackers to get the information from the system.
Related: 6 Surprising Places Hackers Hide
To get into the system, the hackers had to know taxpayer's birthdates, tax filing status, address, Social Security numbers and additional personal security questions. Tax returns often have the information of not only the person filing but of their dependents as well.
“We’re confident that these are not amateurs but organized crime syndicates that not only we, but others in the financial industry are dealing with" said IRS Commissioner John Koskinen.
Related: 8 Ways to Build a Better Password
Koskinen said in a press conference this week that the "Get Transcript" system had been shuttered for the time being. While this application was hacked, the agency's main computer wasn't affected. The organization estimates that it has processed "fewer than $15,000" of the fraudulent tax returns filled out with this stolen information, leading to $50 million in refunds.
In a statement yesterday, the agency said that it will be sending letters to all 200,000 people involved in the hack (whether the account was breached or it was attempted to be accessed). It is also offering free credit monitoring for those whose information was stolen. The IRS' criminal investigation unit and the treasury inspector general for tax administration are conducting investigations into the breach, and Congress will likely begin holding hearings soon.
You’ve heard the expression, “Locks were made to keep honest people honest.” The same may be said for identity theft protection.
Related: IRS Hack Affects More Than 100,000 Taxpayers
You can do everything within your power to keep your information private, but hackers and criminals intent on stealing and using your identity are also intent on finding a way to make it happen. They’re crafty. They're persistent.
That doesn’t mean you shouldn’t take steps to protect your personal information. It just means you also need to be persistent about protecting your information and become aware of the steps to take if your information is compromised. Such knowledge will allow you to act quickly, and possibly stem the damage.
1. Shred old tax records.Tax records should be kept for at least three years in a secure location inside the home. When disposing a tax return, be sure to use a paper shredder. Also, if you plan to sell or discard your computer, keep in mind that electronic files may remain on the computer’s hard drive even after you have deleted them.
2. Be suspicious of “IRS” phone calls.The IRS has warned repeatedly about pervasive phone scams. Do not fall victim by giving out personal information over the phone, even if the caller seems legitimate. Take a phone number, then contact the IRS on your own or have your tax preparer check with the IRS on your behalf.
3. Be wary of phishing scams.Emails claiming to come from the IRS and requesting personal information likely are fraudulent. The IRS typically initiates contact with taxpayers via U.S. mail. If you receive an email alleging that it comes from the IRS, don’t click the link. Call the IRS and verify the communication yourself, or have your tax preparer check on your behalf.
Related: How You Can Better Protect Your Privacy
4. Check your credit.Review your credit report at least once a year. There are many sites that promise to give you a credit report, but www.annualcreditreport.com is the only site authorized by federal law that provides a free report annually.
5. Protect your electronic information.If you do your taxes online, make sure your home computers have security software, with firewalls and other protections, that updates regularly. Use strong passwords and change them regularly. Resist the urge to use a public computer or public Wi-Fi when dealing with sensitive personal data.
If you fear that your personal information has been compromised, the first step to take is to submit an identity theft affidavit. By submitting this affidavit, also known as Form 14039, you'll be helping the IRS mark your account to identify questionable activity. This is a good choice if your personal information, such as your Social Security number and birthdate, has been revealed as part of a data breach.
The next step will be to request a fraud alert, which lasts 90 days. An alert allows creditors to access your credit report only if they can verify your identity. The alert is a free service. Once you’ve placed one, you are entitled to a free credit report from each of the three credit reporting companies. Review your reports and, if you see issues, contact the businesses where the fraud has taken place. Then follow up with a letter sent by certified mail, in line with the Federal Trade Commission's advice.
If you know your personal information has been compromised, see if you are eligible for an Identity Protection PIN (IP PIN). The IRS has limits on who can obtain an IP PIN, according to specific criteria. For example, you must have received an IP PIN in the past, or received IRS notice CP01A or CP01F or filed your last tax return as a resident of Florida, Georgia or Washington, D.C.
If you cannot receive an IP PIN, submit an Identity Theft Affidavit. The IRS recommends that you then file a police report, or an FTC complaint or contact one of the three credit bureaus, as well as contact your bank to close any and all accounts.
Don’t forget that your tax preparer can assist you, if you do become a victim of identity theft. Your preparer should be able to provide you with copies of your past tax returns to help you prove your identity, as well as help you manage any IRS correspondence and work with you through this long and sometimes difficult process.