The Jim Bakker Show

South Korea suspects North Korea may have attempted cyber attacks

SEOUL (Reuters) – South Korea said on Wednesday it suspected North Korea of attempting cyber attacks against targets in the South, following a nuclear test by the North this month that defied United Nations sanctions.

South Korea has been on heightened military and cyber alert since the Jan. 6 test, which Pyongyang called a successful hydrogen bomb test, although U.S. officials and experts doubt that it managed such a technological advance.

“At this point, we suspect it is an act by North Korea,” Jeong Joon-hee, a spokesman of the South’s Unification Ministry, told a news briefing, when asked about reports that the North might have attempted cyber attacks.

Authorities were investigating, Jeong said, but did not provide further details.

Last week, South Korean President Park Geun-hye said the scope of threats from North Korea was expanding to include cyber warfare and the use of drones to infiltrate the South.

North Korea has been using balloons to drop propaganda leaflets in the South, amid heightened tension on the Korean peninsula since the nuclear test.

Since the test, there have been unconfirmed news reports that the computer systems of some South Korean government agencies and companies had been infected with malicious codes that might have been sent by the North.

Defectors from the North have previously said the country’s spy agency, run by the military, operates a sophisticated cyber-warfare unit that attempts to hack, and sabotage, enemy targets.

South Korea and the United States blamed North Korea for a 2014 cyber attack on Sony Pictures that crippled its systems and led to the leaks of unreleased films and employee data.

At the time, the company was set to release the film, “The Interview”, featuring a fictional plot to assassinate North Korean leader Kim Jong Un.

North Korea has denied the allegation.

In 2013, cybersecurity researchers said they believed North Korea was behind a series of attacks against computers at South Korean banks and broadcasting companies.

(Reporting by Ju-min Park and Jack Kim; Editing by Tony Munroe)

Companies look beyond firewalls in cyber battle with hackers

TEL AVIV (Reuters) – With firewalls no longer seen as enough of a defense against security breaches, companies are looking at new tools to foil hackers trying to enter a computer network.

U.S. and Israeli startups are leading the way, with new approaches such as “honeytraps” that lure a hacker to fake data or “polymorphic” technology that constantly changes the structure of applications running on a computer.

Some of the technology is still in the early stages and it remains to be seen whether it will be good enough to outfox the hackers.

But with corporate giants such as Sony and Twitter Inc facing high-profile hacks in recent years, companies are desperate for new ideas to make sure financial, personal and corporate data stays safe.

“We view this (deception technologies) as a $3 billion market over the next three years, with Israel and Silicon Valley being the epicenter of this innovation wave,” said Daniel Ives, a senior technology analyst at FBR Capital Markets.

TopSpin Security, Illusive Networks, Cymmetria and GuardiCore in Israel, California-based TrapX and Attivo Networks are among a handful of start-ups forging ahead with deception technology. Israel’s Morphisec and U.S. Shape Security are developing “polymorphic” systems.

Many of those companies use techniques partly developed in the U.S. and Israeli military that were taken to startups by veterans such as Gadi Evron, the head of Cymmetria and of Israel’s Computer Emergency Response Team.

TrapX Security offers DeceptionGrid, a technology using fake information that triggers a security alert.

TrapX clients include Israel’s central bank, U.S. hospital chain HCA, Bezeq, Israel’s largest telecoms group, and Union Bank of Israel, according to Asaf Aviram, sales director for Israel and emergent markets at TrapX.

TopSpin Chief Executive Doron Kolton said his clients include one of Israel’s top five banks, a large U.S. hospital and a mobility technology company. The product is resold by Optiv Security in the United States and Benefit in Israel.

EARLY DAYS

While still a fraction of the overall cybersecurity market, Gartner, a leading technology consultancy, sees 10 percent of businesses using deception tactics by 2018.

But Gartner analyst Laurence Pingree noted that they “have so far had only nascent adoption” as many of the companies don’t yet understand the technology.

“Educating security buyers on its usefulness will be crucial,” he said.

Some in the industry note that several companies including FireEye and CrowdStrike tried to launch similar products three or four years ago before pulling back although analysts say the technologies have improved greatly in the past two years.

“A lot of companies are looking at it but it’s still early days,” said a security executive with a Fortune 500 company.

He said deployments were quite limited, with most trials where business test the product on a limited basis at no cost.

Others said hackers may quickly be able to detect the traps.

“They will be challenged by the fact that (some) hackers are so sophisticated they might detect decoy servers or fake data,” said Ziv Mador, head of research at Chicago-based cybersecurity firm Trustwave.

The technology could offer a second layer of defense to firewalls, which cannot always block malicious attempts, he said, and did not rule out Trustwave offering deception tools in the future.

TopSpin’s Kolton also noted that deception would be “part of a bigger solution” and to “be combined with other things”.

TRAIL OF BREADCRUMBS

The system developed by TopSpin, whose investors include Check Point Software Technologies co-founder Shlomo Kramer, engages attackers once they have penetrated the network. It leads hackers to decoys by sprinkling “breadcrumbs”, such as fake credentials.

While the idea of a honeypot is not new, in the past they were used to alert IT administrators that there was a hacker in the system.

With more advanced technology they slow the hacker and set off tools to stop them getting further into the system. If they follow the trail to the trap, the company knows they are a hacker.

“When someone hits a honeypot it’s malicious activity,” Kolton said.

Attivo’s website says their system lures attackers into revealing themselves when they start to look for “high-value assets”. It also promises no false-alarms, a problem with traditional detection systems.

Other tools are being developed that would prevent hackers from penetrating a network entirely.

Morphisec, backed by Jerusalem Venture Partners, Deutsche Telekom and GE Ventures, has developed technology that randomly changes the structure of applications running on the computer.

“When an attack seeks its target it expects to find a certain memory structure. With Morphisec it finds something different,” Morphisec CEO Ronen Yehoshua said.

Shape Security of California also uses such “polymorphic” technology.

While these new ideas have mainly been generated by start-up companies, investors say bigger, more established security players are interested.

“I’d say that many antivirus companies are already looking into building similar technologies on their own or buying them,” JVP managing partner Gadi Tirosh said.

(Additional reporting by Jim Finkle in Boston; Editing by Anna Willard)

White House announces major background checks overhaul following data breach

WASHINGTON (Reuters) – The U.S. government will set up a new agency to do background checks on employees and contractors, the White House said on Friday, after a massive breach of U.S. government files exposed the personal data of millions of people last year.

As a part of a sweeping overhaul, the Obama administration said it will establish a National Background Investigations Bureau. It will replace the Office of Personnel Management’s (OPM) Federal Investigative Services (FIS), which currently conducts investigations for over 100 Federal agencies.

The move, a stiff rebuke for FIS and OPM, comes after last year’s disclosure that a hack of OPM computers exposed the names, addresses, Social Security numbers and other sensitive information of roughly 22 million current and former federal employees and contractors, as well as applicants for federal jobs and individuals listed on background check forms.

Unlike FIS, the new agency’s information systems will be handled by the Defense Department, making it even more central to Washington’s effort to bolster its cyber defenses against constant intrusion attempts by hackers and foreign nationals.

“We can substantially reduce the risk of future cyber incidents” by applying lessons learned in recent years, said Michael Daniel, White House cyber security policy coordinator, on a conference call with reporters.

The White House gave no timeline for implementing the changes, but said some would begin this year. It will seek $95 million more in its upcoming fiscal 2017 budget for information technology development, according to a White House fact sheet.

‘NOT THERE YET’

Officials have privately blamed the OPM data breach on China, though security researchers and officials have said there is no evidence Beijing has maliciously used the data trove.

Controversy generated by the hack prompted several congressional committees to investigate whether OPM was negligent in its cyber security practices. OPM Director Katherine Archuleta resigned last July as the government intensified a broad push to improve cyber defenses and modernize systems.

“Clearly we’re not there yet,” Admiral Mike Rogers, head of the National Security Agency, said at a cyber security event in Washington this week when asked about U.S. preparedness against hacks. The damage done by cyber attacks, he added, “is going to get worse before it gets better.”

OPM has been plagued by a large backlog of security clearance files, prompting it to rely on outside contractors for assistance, possibly compromising cyber security.

The Defense Department and OPM did not respond when asked if the government will still rely on support from contractors.

Representative Jason Chaffetz, the Republican chairman of a House of Representatives panel that has been looking into the issue, said Friday’s announcement fell short.

“Protecting this information should be a core competency of OPM,” Chaffetz said in a statement. “Today’s announcement seems aimed only at solving a perception problem rather than tackling the reforms needed to fix a broken security clearance process.”

(Additional reporting by Mark Hosenball and Andrea Shalal; editing by Kevin Drawbaugh, Susan Heavey and Alan Crosby)

Ukraine to review cyber defenses after airport targeted from Russia

KIEV (Reuters) – Ukrainian authorities will review the defenses of government computer systems, including at airports and railway stations, after a cyber attack on Kiev’s main airport was launched from a server in Russia, officials told Reuters on Monday.

Malware similar to that which attacked three Ukrainian power firms in late December was detected last week in a computer in the IT network of Kiev’s main airport, Boryspil. The network includes the airport’s air traffic control.

Although there is no suggestion at this stage that Russia’s government was involved, the cyber attacks have come at a time of badly strained relations between Ukraine and Russia over a nearly two-year-long separatist conflict in eastern Ukraine.

“In connection with the case in Boryspil, the ministry intends to initiate a review of anti-virus databases in the companies which are under the responsibility of the ministry,” said Irina Kustovska, a spokeswoman for Ukraine’s infrastructure ministry, which oversees airports, railways and ports.

Ukraine’s state-run Computer Emergency Response Team (CERT-UA) issued a warning on Monday of the threat of more attacks.

“The control center of the server, where the attacks originate, is in Russia,” military spokesman Andriy Lysenko said by telephone, adding that the malware had been detected early in the airport’s system and no damage had been done.

A spokeswoman for the airport said Ukrainian authorities were investigating whether the malware was connected to a malicious software platform known as “BlackEnergy”, which has been linked to other recent cyber attacks on Ukraine. There are some signs that the attacks are linked, she said.

“Attention to all system administrators … We recommend a check of log-files and information traffic,” CERT-UA said in a statement.

In December three Ukrainian regional power firms experienced short-term blackouts as a result of malicious software in their networks. Experts have described the incident as the first known power outage caused by a cyber attack.

A U.S. cyber intelligence firm in January traced the attack back to a Moscow-backed group known as Sandworm.

The Dec. 23 outage at Western Ukraine’s Prykarpattyaoblenergo cut power to 80,000 customers for about six hours, according to a report from a U.S. energy industry security group.

Ukraine’s SBU state security service has blamed Russia, but the energy ministry said it would hold off on attribution until after it completes a formal probe.

(Editing by Matthias Williams and Gareth Jones)

Hyatt says data breach started in August

(Reuters) – Hyatt Hotels Corp said a previously reported malware attack on its payment processing system occurred between August 13 and Dec. 8.

The hotel operator said on Thursday it identified unauthorized access to payment card data from cards used onsite at certain Hyatt-managed locations, primarily at its restaurants.

The company also said the “at-risk window” for a limited number of locations began on or shortly after July 30.

Shares of Hyatt were down 3.1 percent in afternoon trading.

Hyatt also said it has arranged a third-party identity protection and fraud detection firm to provide one year of services to affected customers at no cost.

The company did not disclose the number of cards affected.

The company disclosed in December that its payment processing system was infected with information-stealing malware but did not mention how long its network was infected.

Hyatt, controlled by the billionaire Pritzker family, is the fourth major hotel operator to warn of a breach since October.

Hilton Worldwide Holdings Inc and Starwood Hotels & Resorts Worldwide Inc disclosed attacks on payment processing systems in November.

Donald Trump’s luxury hotel chain, Trump Hotel Collection, also confirmed the possibility of a data security incident.

(Reporting by Radhika Rukmangadhan in Bengaluru; Editing by Don Sebastian)

Migration, climate top World Economic Forum’s report on global risks

LONDON (Reuters) – We live in an increasingly dangerous world, with political, economic and environmental threats piling up, according to experts polled by the World Economic Forum.

Ahead of its annual meeting in Davos next week, the group’s 2016 Global Risks report on Thursday ranked the migrant crisis as the biggest single risk in terms of likelihood, while climate change was seen as having the greatest potential impact.

Around 60 million people have been displaced by conflicts from Syria to South Sudan, pushing refugee flows to record levels that are some 50 percent higher than during World War II.

Coupled with attacks such as those on Paris last year and geopolitical fault lines stretching from the Middle East to the South China Sea, the world is today arguably less politically stable than at any time since the end of the Cold War.

Economic fears, particularly for Chinese growth, and increasingly frequent extreme weather events are further red flags, resulting in a greater breadth of risks than at any time in the survey’s 11-year history.

“Almost every risk is now up over the last couple of years and it paints an overall environment of unrest,” said John Drzik, head of global risk at insurance broker Marsh, who helped compile the report.

“Economic risks have come back reasonably strongly, with China, energy prices and asset bubbles all seen as significant problems in many countries.”

Last year, the threat of conflict between states topped the list of risks for the first time, after previous editions mostly highlighted economic threats.

British finance minister George Osborne, one of those heading to the Alpine ski resort set the mood last week, warning that 2016 opened “with a dangerous cocktail of new threats”.

The Jan. 20-23 Davos meeting will bring together players from geopolitical hot spots such as the foreign ministers of arch-rivals Iran and Saudi Arabia, as well as the biggest ever U.S. delegation, including Vice President Joe Biden.

North Korea’s invitation, however, has been revoked, after it conducted a nuclear test, defying a United Nations ban.

CYBER RISK A WILD CARD

The immediate problems of Middle East tensions, China’s turbulent markets and a tumbling oil price are likely to dominate corridor conversations at Davos.

But long-term concerns identified in the report center more on physical and societal trends, especially the impact of climate change and the danger of attendant water and food shortages.

While last month’s climate deal in Paris may act as a signal to investors to spend trillions of dollars to replace coal-fired power with solar panels and windmills, it is only a first step.

For businesses, the transition from fossil fuels remains uncertain, especially as political instability increases the risk of disrupted and canceled projects.

One wild card is cyber attack, which business leaders in several developed countries, including the United States, Japan and Germany, rank as a major risk to operations, although it does not make the top threat list overall.

The report analyzed 29 global risks for both likelihood and impact over a 10-year horizon by surveying nearly 750 experts and decision makers.

(Editing by Alexander Smith)

U.S. official sees more cyber attacks on industrial control systems

MIAMI (Reuters) – A U.S. government cyber security official warned that authorities have seen an increase in attacks that penetrate industrial control system networks over the past year, and said they are vulnerable because they are exposed to the Internet.

Industrial control systems are computers that control operations of industrial processes, from energy plants and steel mills to cookie factories and breweries.

“We see more and more that are gaining access to that control system layer,” said Marty Edwards, who runs the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

ICS-CERT helps U.S. firms investigate suspected cyber attacks on industrial control systems as well as corporate networks.

Interest in critical infrastructure security has surged since late last month when Ukraine authorities blamed a power outage on a cyber attack from Russia, which would make it the first known power outage caused by a cyber attack.

Experts attending the S4 conference of some 300 critical infrastructure security specialists in Miami said the incident has caused U.S. firms to ask whether their systems are vulnerable to similar incidents.

Edwards said he believed the increase in attacks was mainly because more control systems are directly connected to the Internet.

“I am very dismayed at the accessibility of some of these networks… they are just hanging right off the tubes,” he said in an on-stage interview with conference organizer Dale Peterson.

Edwards did not say whether those attacks had caused any service disruptions or threatened public safety.

Sean McBride, a critical infrastructure analyst with iSight Partners who attended the talk, said the increase may reflect more publicity in recent years over risks over cyber attacks, which prompted operators to find more infections.

McBride said he could not say if the increase was troubling because he did not know the intent of the attackers.

Edwards and a DHS spokesman declined to elaborate on his comments.

ICS-CERT said in an alert this week that it had identified malware used in the attack in Ukraine as BlackEnergy 3, a variant of malware that the agency said in 2014 had infected some U.S. critical infrastructure operators.

A DHS official said on Tuesday that government investigators have not confirmed whether the BlackEnergy malware caused the Ukraine incident.

“At this time there is no definitive evidence linking the power outage in Ukraine with the presence of the malware,” said the official, who was not authorized to discuss the matter publicly.

Edwards did not discuss the Ukraine attack during his talk.

(Reporting by Jim Finkle in Miami; Editing by Leslie Adler)

U.S. helping Ukraine investigate December power grid hack

WASHINGTON (Reuters) – The U.S. Department of Homeland Security said on Tuesday it was helping Ukraine investigate an apparent attack last month on the country’s power grid that caused a blackout for 80,000 customers.

Experts have widely described the Dec. 23 incident at western Ukraine’s Prykarpattyaoblenergo utility as the first known power outage caused by a cyber attack. Ukraine’s SBU state security service has blamed Russia for the incident, while U.S. cyber firm iSight Partners linked it to a Russian hacking group known as “Sandworm.”

In an advisory, DHS said they had linked the blackout to malicious code detected in 2014 within industrial control systems used to operate U.S. critical infrastructure. There was no known successful disruption to the U.S. grid, however.

DHS said the “BlackEnergy Malware” appears to have infected Ukraine’s systems with a spear phishing attack via a corrupted Microsoft Word attachment.

The DHS bulletin from the agency’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, is the first public comment about the Ukraine incident.

A report released by Washington-based SANS Inc over the weekend concluded hackers likely caused Ukraine’s six-hour outage by remotely switching breakers in a way that cut power, after installing malware that prevented technicians from detecting the intrusion. The attackers are also believed to have spammed the Ukraine utility’s customer-service center with phone calls in order to prevent real customers from communicating about their downed power.

DHS and the FBI did not immediately respond to requests for additional comment.

(Reporting by Dustin Volz and Jim Finkle; Editing by Doina Chiacu and Andrew Hay)

Database of 191 Million U.S. Voters Exposed on Internet: Researcher

By Jim Finkle and Dustin Volz

(Reuters) – An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday.

The database includes names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Vickery said in a phone interview.

Vickery, a tech support specialist from Austin, Texas, said he found the information while looking for information exposed on the Web in a bid to raise awareness of data leaks.

Vickery said he could not tell whether others had accessed the voter database, which took about a day to download.

While voter data is typically considered public information, it would be time-consuming and expensive to gather a database of all American voters. A trove of all U.S. voter data could be valuable to criminals looking for lists of large numbers of targets for a variety of fraud schemes.

“The alarming part is that the information is so concentrated,” Vickery said.

Vickery said he has not been able to identify who controls the database, but that he is working with U.S. federal authorities to find the owner so they can remove it from public view. He declined to identify the agencies.

A representative with the Federal Bureau of Investigation declined to comment.

A representative with the U.S. Federal Elections Commission, which regulates campaign financing, said the agency does not have jurisdiction over protecting voter records.

Regulations on protecting voter data vary from state to state, with many states imposing no restrictions. California, for example, requires that voter data be used for political purposes only and not be available to persons outside of the United States.

Privacy advocates said Vickery’s findings were troubling.

“Privacy regulations are required so a person’s political information can be kept private and safe,” said Jeff Chester, executive director of the Washington-based Center for Digital Democracy. The leak was first reported by CSO Online and Databreaches.net, computer and privacy news sites that Vickery said helped him attempt to locate the database’s owner.

CSO Online said the exposed information may have originally come from campaign software provider NationBuilder because the leak included data codes similar to those used by that firm.

In a statement, NationBuilder Chief Executive Officer Jim Gilliam said the database was not created by the Los Angeles-based company, but that some of its information may have come from data it freely supplies to political campaigns.

“From what we’ve seen, the voter information included is already publicly available from each state government, so no new or private information was released in this database,” Gilliam said.

(Reporting by Jim Finkle and Dustin Volz; Editing by Jonathan Oatis)

Hackers Access Power Grid, N.Y. Dam; Might Have Accessed Government Talks

Hackers gained access to the United States power grid, including detailed drawings that could have been used to cut power to millions of people, according to a new Associated Press report.

The report, published Monday, indicated that there have been roughly 12 times in the past 10 years when foreign hackers accessed the networks controlling lights across the United States.

That includes one instance where hackers, believed to be from Iran, had swiped passwords and detailed sketches of dozens of power plants, invaluable tools if one planned to cut off the power. Cybersecurity experts told the Associated Press the breach (which affected energy company Calpine, which operates 83 power plants) dates to at least August 2013 and could be ongoing.

The Associated Press reported that hackers accessed passwords that could have been used to access Calpine’s networks remotely, along with highly detailed drawings of 71 energy-related facilities across the country. That could allow skilled hackers to specifically target certain plants.

But targeting a plant and successfully shutting off the power are two different things.

The Associated Press report noted the power grid is designed to keep the lights on when utility lines or equipment fail. To cause a widespread blackout, a hacker would have to be exceptionally skilled, bypassing not only a company’s security measures but also creating specialized code that disrupts the interactions of the company’s equipment. Still, experts told the AP that it remains possible for a sufficiently skilled and motivated hacker to send a large swath of the country into blackout, and enough intrusions have occurred that a foreign hacker can likely “strike at will.”

The Associated Press report was published the same day the Wall Street Journal unveiled that Iranian hackers accessed the controls of a dam about 20 miles away from New York City in 2013.

In another breach, tech company Juniper Networks announced last Thursday that it discovered some “unauthorized code” in its software that could have allowed skilled hackers to improperly access some devices and decrypt secure communications. CNN reported the FBI is investigating the hack because it fears the code might have been used to spy on government correspondence.

Because government use of Juniper products is so widespread, one U.S. official told CNN the hack was like “stealing a master key to get into any government building.” CNN reported a foreign government is believed to be behind the hack, but it still is not clear who is responsible.

Juniper said it released a patch that corrects the issue. The company said it wasn’t aware of “any malicious exploitation” of the security loophole, but noted there likely wasn’t a way to reliably detect if a device had been compromised because hackers could have easily erased the evidence.

Sign up for Jim Bakker Show