NSA chief says ‘when, not if’ foreign country hacks U.S. infrastructure

SAN FRANCISCO (Reuters) – The U.S. National Security Agency chief said on Tuesday it was a “matter of when, not if” a foreign nation-state attempts to launch a cyber attack on the U.S. critical infrastructure, citing the recent hack on Ukraine’s power grid as a cause for concern.

Speaking at the RSA cyber security conference in San Francisco, Admiral Michael Rogers said he was also worried about data manipulation and potential offensive cyber threats posed by non-nation-state actors such as Islamic State.

The U.S. government said last week a December blackout in Ukraine that affected 225,000 customers was the result of a cyber attack, supporting what most security researchers had already concluded.

Some private researchers have linked the incident to a Russian hacking group known as “Sandworm.”

(Reporting by Dustin Volz; Editing by Jeffrey Benkoe)

IRS notifying more taxpayers about potential data breach

Hackers may have accessed the tax transcripts of approximately 724,000 United States taxpayers by using stolen personal information, the Internal Revenue Service announced Friday.

The agency also said hackers targeted another 576,000 accounts, but could not access them.

The announcement followed a nine-month investigation into its “Get Transcript” application.

The tool was launched in January 2014 and gave taxpayers a way to download or order several years of their transcripts through the IRS website.

However, the agency announced last May that “criminals” had been able to access other tax histories that were not their own by using personal information that had been stolen elsewhere.

The IRS originally announced that about 114,000 transcripts may have been improperly accessed, while hackers targeted another 111,000 but were unsuccessful in their attempts.

The tool has been offline ever since while officials searched for other suspicious activity.

The Treasury Inspector General for Tax Administration (TIGTA) has handled the investigations.

In August, the IRS announced TIGTA found about another 220,000 cases of potential breaches since “Get Transcript” debuted, and about 170,000 more unsuccessful suspicious attempts.

On Friday, the IRS announced TIGTA’s latest review found about 390,000 potential additional cases of improper access, and some 295,000 cases where tax data was targeted but not obtained.

The IRS noted that some of the attempts might not have been malicious.

“It is possible that some of those identified may be family members, tax return preparers or financial institutions using a single email address to attempt to access more than one account,” it said in a statement, though added it is notifying all of the affected taxpayers as a precaution.

The latest wave of taxpayers will be notified through the mail beginning Feb. 29, the IRS said.

“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” IRS Commissioner John Koskinen said in Friday’s announcement. “We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed.”

The agency is offering all affected taxpayers free identity theft protection services and the chance to obtain an identity protection PIN, which helps protect Social Security numbers on returns.

U.S. planned major cyber attack on Iran if diplomacy failed, NYT reports

WASHINGTON (Reuters) – The United States had a plan for an extensive cyber attack on Iran in case diplomatic attempts to curtail its nuclear program failed, The New York Times reported on Tuesday, citing a forthcoming documentary and military and intelligence officials.

Code-named Nitro Zeus, the plan was aimed at crippling Iran’s air defenses, communications systems and key parts of its electrical power grid, but was put on hold after a nuclear deal was reached last year, the Times said.

The plan developed by the Pentagon was intended to assure President Barack Obama that he had alternatives to war if Iran moved against the United States or its regional allies, and at one point involved thousands of U.S. military and intelligence personnel, the report said. It also called for spending tens of millions of dollars and putting electronic devices in Iran’s computer networks, the Times said.

U.S. intelligence agencies at the same time developed a separate plan for a covert cyberattack to disable Iran’s Fordo nuclear enrichment site inside a mountain near the city of Qom, the report said.

The existence of Nitro Zeus was revealed during reporting on a documentary film called “Zero Days” to be shown on Wednesday at the Berlin Film Festival, the Times said. The film describes rising tensions between Iran and the West in the years before the nuclear agreement, the discovery of the Stuxnet cyberattack on the Natanz uranium enrichment plant, and debates in the Pentagon over the use of such tactics, the paper reported.

The Times said it conducted separate interviews to confirm the outlines of the program, but that the White House, the Department of Defense and the Office of the Director of National Intelligence all declined to comment, saying that they do not discuss planning for military contingencies.

There was no immediate response to a request by Reuters for comment from the Pentagon.

(Reporting by Eric Walsh; Editing by Chris Reese)

Ex-government employee pleads guilty in nuclear secrets cyber attack scheme

A former government employee who was accused of trying to orchestrate a cyber attack against computers that contained information about nuclear weapons pleaded guilty to a federal computer crime, the Department of Justice announced in a news release on Tuesday afternoon.

Prosecutors said 62-year-old Charles Harvey Eccleston, a former employee of the Nuclear Regulatory Commission, admitted his guilt in the attempted “spear-phishing” attack that took place last January. Eccleston was arrested after an undercover operation in which prosecutors said the accused dealt with FBI employees who had been posing as foreign government officials.

Spear-phishing is a type of cyber attack in which attackers send authentic-looking emails to specific targets, encouraging the recipients to open them. The emails, or their attachments, carry malicious code.

According to the Department of Justice, Eccleston sent an email that he believed contained a virus to about 80 Department of Energy employees, thinking the code would allow a foreign country to infiltrate or harm their computers. Prosecutors said Eccleston targeted employees “whom he claimed had access to information related to nuclear weapons or nuclear materials.”

The code was harmless and was actually crafted by the FBI, according to the release.

Eccleston, who thought he would be paid roughly $80,000 for sending the spear-phishing email, was arrested last March during a meeting with an undercover FBI employee, prosecutors said.

“Eccleston admitted that he attempted to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” Assistant Attorney General John P. Carlin said in a statement announcing the guilty plea.

Prosecutors said Eccleston was fired from his job with the Nuclear Regulatory Commission in 2010. He moved to the Philippines the following year and had been living there until his arrest.

The alleged cyber attack was not the first time that law enforcement had heard Eccleston’s name.

Prosecutors said the FBI first learned about Eccleston in 2013 after he walked into an embassy in the Philippines and offered to sell a list of 5,000 U.S. government email accounts for $18,800. If the nation wasn’t interested, Eccleston said he would offer the list to China, Iran or Venezuela.

That November, the FBI sent undercover employees to meet with Eccleston and had them pose as foreign government officials. One FBI employee bought a list of 1,200 email addresses for $5,000, prosecutors said, though an investigation found the accounts were publicly available.

Prosecutors said Eccleston communicated with the employees for “several months,” and offered to help design the spear-phishing emails during a meeting with an undercover FBI employee in June 2014. He made the bogus emails look like advertisements for a nuclear energy conference.

Eccleston pleaded guilty to attempted unauthorized access and intentional damage to a protected computer and faces 24 to 30 months in prison and a $95,000 fine when he is sentenced in April, prosecutors announced.

U.S. utilities worry about cyber cover after Ukraine grid attack

(Reuters) – U.S. utilities are looking hard at their cyber vulnerabilities and whether they can get insurance to cover what could be a multi-billion dollar loss after hackers cut electric power to more than 80,000 Ukrainians last month.

The Dec. 23 incident in Ukraine was the first cyber attack to cause a power outage, and is one of just a handful of incidents in which computer hacking has caused physical effects on infrastructure rather than the loss or theft of electronic data.

A similar attack in the United States could cripple utilities and leave millions of people in the dark, costing the economy more than $200 billion, an insurance study estimated last year.

Security experts, insurance brokers, insurers and attorneys representing utilities told Reuters that the Ukraine attack has exposed long-standing ambiguity over which costs would be covered by insurance in various cyber attack scenarios.

“People in the insurance industry never did a great job clarifying the scope of coverage,” said Paul Ferrillo, an attorney with Weil, Gotshal & Manges who advises utilities.

Cyber insurance typically covers the cost of attacks involving stolen personal data. Some general property and liability policies may cover physical damage from cyber attacks, but insurers do not always provide clear answers about coverage for industrial firms, said Ben Beeson, a partner with broker Lockton Companies.

That has led to some unease among U.S. utilities.

“When you get these kind of headline-grabbing cyber incidents, there is obviously a flurry of interest,” said Dawn Simmons, an executive with Associated Energy and Gas Insurance Services, or AEGIS, a U.S. mutual insurer that provides coverage to its 300 or so members.

Getting a policy that includes cyber property damage is not cheap.

Sciemus Cyber Ltd, a specialty insurer at the Lloyd’s of London insurance market, charges energy utilities roughly $100,000 for $10 million in data breach insurance. The price balloons to as much as seven times that rate to add coverage for attacks that cause physical damage, said Sciemus Chief Executive Rick Welsh.

INDUSTRY WARNINGS

Security experts have warned for several years that a cyber attack could cause power outages, because plants increasingly rely on computer technology that is accessible from the Internet.

In the Ukraine attack, hackers likely gained control of systems remotely, then switched breakers to cut power, according to an analysis by the Washington-based SANS Institute. Ukraine’s state security service blamed Russia for the attack, while U.S. cyber firm iSight Partners linked it to a Russian hacking group known as Sandworm Team.

Utilities are now trying to determine if they have insurance to cover these kinds of attacks, and if not, whether they need it, said Patrick Miller, founder of the Energy Sector Security Consortium, an industry group that shares information on cyber threats.

American Electric Power Company Inc, Duke Energy Corp, Nextera Energy Inc and PG&E Corp are among the publicly traded utility companies that have warned of their exposure to cyber risks in their most recent annual reports to securities regulators, noting that their insurance coverage might not cover all expenses related to an attack.

Representatives with AEP, Duke and PG&E declined to disclose the limits of their insurance. Officials with Nextera could not be reached for comment.

The potential costs of an attack in the United States are huge. Last year Lloyd’s and the University of Cambridge released a 65-page study estimating that simultaneous malware attacks on 50 generators in the Northeastern United States could cut power to as many as 93 million people, resulting in at least $243 billion in economic damage and $21 billion to $71 billion in insurance claims.

The study called such a scenario improbable but “technologically possible.”

There are precedents, including the 2010 ‘Stuxnet’ attack that damaged centrifuges at an Iranian uranium enrichment facility and the 2012 ‘Shamoon’ campaign that crippled business operations at Saudi Aramco and RasGas by wiping drives on tens of thousands of PCs.

In late 2014, the German government reported that hackers had damaged an unnamed steel mill, the first attack that damaged industrial equipment. Details remain a mystery.

AMBIGUITY OVER COVERAGE

“It’s getting a little competitive just to get a carrier quoting your policy,” said Lynda Bennett, an attorney with Lowenstein Sandler, who helps businesses negotiate insurance. Some insurers have cut back on cyber coverage in response to the increase in the number and types of breaches, she added.

American International Group Inc, for example, will only write cyber policies over $5 million for a power utility after an in-depth review of its technology, including the supervisory control and data acquisition (SCADA) systems that remotely control grid operations.

“There are companies that we have walked away from providing coverage to because we had concerns about their controls,” said AIG executive Tracie Grella.

AIG and AEGIS declined to discuss pricing of policies. It seems likely they will find coverage more in demand after the Ukraine attack.

“A lot more companies will be asked by their stakeholders internally: Do we have coverage for this type of thing?” said Robert Wice, an executive with Beazley Plc, which offers cyber insurance. “Whether they actually start to buy more or not will depend on pricing.”

(Reporting by Jim Finkle; Additional reporting by Rory Carroll; Editing by Bill Rigby)

Ukraine to review cyber defenses after airport targeted from Russia

KIEV (Reuters) – Ukrainian authorities will review the defenses of government computer systems, including at airports and railway stations, after a cyber attack on Kiev’s main airport was launched from a server in Russia, officials told Reuters on Monday.

Malware similar to that which attacked three Ukrainian power firms in late December was detected last week in a computer in the IT network of Kiev’s main airport, Boryspil. The network includes the airport’s air traffic control.

Although there is no suggestion at this stage that Russia’s government was involved, the cyber attacks have come at a time of badly strained relations between Ukraine and Russia over a nearly two-year-long separatist conflict in eastern Ukraine.

“In connection with the case in Boryspil, the ministry intends to initiate a review of anti-virus databases in the companies which are under the responsibility of the ministry,” said Irina Kustovska, a spokeswoman for Ukraine’s infrastructure ministry, which oversees airports, railways and ports.

Ukraine’s state-run Computer Emergency Response Team (CERT-UA) issued a warning on Monday of the threat of more attacks.

“The control center of the server, where the attacks originate, is in Russia,” military spokesman Andriy Lysenko said by telephone, adding that the malware had been detected early in the airport’s system and no damage had been done.

A spokeswoman for the airport said Ukrainian authorities were investigating whether the malware was connected to a malicious software platform known as “BlackEnergy”, which has been linked to other recent cyber attacks on Ukraine. There are some signs that the attacks are linked, she said.

“Attention to all system administrators … We recommend a check of log-files and information traffic,” CERT-UA said in a statement.

In December three Ukrainian regional power firms experienced short-term blackouts as a result of malicious software in their networks. Experts have described the incident as the first known power outage caused by a cyber attack.

A U.S. cyber intelligence firm in January traced the attack back to a Moscow-backed group known as Sandworm.

The Dec. 23 outage at Western Ukraine’s Prykarpattyaoblenergo cut power to 80,000 customers for about six hours, according to a report from a U.S. energy industry security group.

Ukraine’s SBU state security service has blamed Russia, but the energy ministry said it would hold off on attribution until after it completes a formal probe.

(Editing by Matthias Williams and Gareth Jones)

Amazon forces some to change passwords after potential compromise

Some Amazon account holders were required to change their passwords this week after the online retailer found that the information could have been compromised.

Technology website ZDNet first reported the news Tuesday, noting Amazon wrote in an email addressed to affected users that there was “no reason” to believe the information had been leaked.

ZDNet reported the email said Amazon forced the password change as a purely precautionary measure after learning that the passwords might have been improperly stored or transmitted, which could have allowed a third party to access them.

It’s not clear how many people were asked to reset their passwords, and Amazon corrected the issue.

The company has recently taken steps to improve cyber security.

Last week, it began allowing customers to enable two-factor authentication on their account. With it, users must not only enter their password to log in to the website, but also a second code that is typically sent to the user’s mobile phone.

Cyber security stocks get fillip from TalkTalk hack attack


LONDON (Reuters) – The hacking scandal at broadband provider TalkTalk has heightened interest in stocks and companies dealing in cyber security, with some fund managers betting on more growth in the sector.

British police said on Friday that they had arrested a second teenager in connection with the breach at TalkTalk, which may have led to the theft of personal data from among the company’s more than 4 million customers.

TalkTalk was not the first such incident, but traders and investors said it should re-ignite interest in companies offering protection against hack attacks.

Market research firm Gartner has estimated that global spending on IT security is set to increase 8.2 percent in 2015 to $77 billion. Corporations around the world will spend $101 billion on information security in 2018, Gartner says.

That has caught the attention of financial markets. The ISPY exchange-traded fund, which lets investors hold a basket of cyber security stocks – such as Cisco Systems and Sophos Group – has risen around 3 percent.

“As cyber crime continues to grow, governments and companies are prioritising cyber security as an essential investment. This is a sector we can expect to dominate headlines and corporate budgets,” said Kris Monaco, the head of ISE ETF Ventures.

Others focused on some relatively small British stocks whose shares have risen, in contrast to those of TalkTalk whose stock has fallen 6 percent in the last week.

Falanx Group has climbed 15 percent over that same period. NCC Group and Corero Network Security – an offshoot of the former Corero software business – have risen 3 percent.

Corero’s products include software that protects against attacks on Internet sites and domain addresses.

NCC has similar services, including one to test how vulnerable a company is to “phishing” – where internal emails are hacked by someone posing as an employee or outside contact – while Falanx has services monitoring clients’ computer infrastructure for signs of suspicious activity.

John Blamire, a former British Army officer who is chief executive at Falanx, said customer interest had risen since the attack on TalkTalk.

“Incidents such as the one at TalkTalk actively bring attention to organizations such as ours,” he said.

To be sure, stocks such as these would carry the usual risks associated with “small cap” stocks with a relatively small market valuation – less liquidity, which can then make them more prone to a slump and harder to sell than bigger stocks.

Nevertheless, they have attracted some big-name investment houses, with Liontrust Asset Management holding a near 10 percent stake in NCC while Blackrock Investment Management has a near 3 percent holding in Corero. Both Liontrust and Blackrock declined to comment on those holdings.

Mark Slater, chief investment officer at Slater Investments, holds around 3 million NCC shares in his company’s portfolio, and he expected NCC and others to continue to grow.

“The nature of the Internet makes it open to attack. These problems are not going to go away.”

(Reporting by Sudip Kar-Gupta; Editing by Lionel Laurent, Larry King)

ISIS Trying to Hack American Power Grid

On Wednesday, American energy firms held a meeting about national security concerns at which U.S. law enforcement officials announced that ISIS has been trying to hack the power grid.

“ISIL is beginning to perpetrate cyber attacks,” Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security, told company executives.

Investigators didn’t reveal any details or provide any evidence to support the claims, but they did say that all attempts have been unsuccessful. They added that the terrorists lacked the right hacking technology to invade the computer systems and shut off or blow up the machines.

“Strong intent. Thankfully, low capability,” said John Riggi, a section chief at the FBI’s cyber division. “But the concern is that they’ll buy that capability.”

With hacking software available on black markets, the FBI is now worried that ISIS and other terrorist organizations could obtain the tools needed to attack power companies and grids, which would disrupt power to U.S. homes and businesses. And the threat isn’t just ISIS; the FBI is also worried about domestic terrorists and hate groups getting their hands on the same technology.

U.S. officials also stated that the greatest threat to the power grid comes from other countries. Last year, they found malware on industrial control systems at energy companies that was traced back to the Russian government.

However, an organization taking down the entire nationwide grid – or even a section of it – is extremely unlikely, because the grid is not as uniform and interconnected as most people believe. The irregular layout of the grid keeps the machines and software from communicating and coordinating with one another. It would take a large and expensive team of highly trained technical specialists to understand the layout and then hack it. Even if such a team succeeded, in a worst-case scenario it would take out power for a small section of a major city. An entirely different cyberattack would be needed to shut down a different grid at a different plant.

The last infamous attack on a power grid was in 2013, when a sniper shot at a California energy grid substation. The attack lasted only 19 minutes but caused $15 million in damage. The Department of Homeland Security recently released a report concluding that the attack was likely an inside job. However, no other details were given.

15 Million T-Mobile Customers’ Data Stolen by Hackers

The credit bureau Experian experienced a data breach, revealing user data from approximately 15 million T-Mobile customers.

The data gathered by the hackers included names, addresses, birth dates, and Social Security numbers, along with other forms of identification such as driver’s license numbers. According to T-Mobile, the hackers were not able to get payment information or bank account information.

People affected by the hack may not be current T-Mobile customers. The companies announced that customers who applied for T-Mobile postpaid services or device financing between September 1, 2013 and September 16, 2015 were the ones who could be victims of the hack.

Experian stated in a press release that no evidence has been presented so far that the data has been used illegally or inappropriately. Experian is a widely used credit-information provider that has experienced several security concerns; the T-Mobile hack is just the latest incident. The last cyberattack on Experian was in 2012 when 200 million Americans had their Social Security numbers exposed.

T-Mobile CEO John Legere had strong feelings regarding the breach and said that his company would be looking for a new and more secure service provider.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” but the carrier’s top concern now is helping the people affected, Legere wrote in an open letter on T-Mobile’s site.

Experian North America stated in a notice that it was a business unit that had been compromised, and its consumer credit bureau wasn’t affected. Experian has notified international and U.S. law enforcement.

T-Mobile is now offering two years of free credit monitoring and identity resolution services from ProtectMyID to customers who think they may have been affected by the breach. ProtectMyID is a division of Experian.

The breach at Experian is the latest in a string of massive hacks that have claimed tens of millions of customer records. The U.S. Office of Personnel Management experienced a major hack earlier this year, JPMorgan Chase had a data breach in 2014, and the large retailer Target suffered a major cyberattack on its cash register systems in 2013.