Tag Archives: Hacker

Kansas nuclear operator is victim in hacking spree: Bloomberg

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Jim Finkle

(Reuters) – Hackers recently breached a Kansas nuclear power operator as part of a campaign that breached at least a dozen U.S. power firms, Bloomberg News reported on Thursday, citing current and former U.S. officials who were not named.

The Wolf Creek nuclear facility in Kansas was breached in the attack, according to Bloomberg.

A representative with the Wolf Creek Nuclear Operating Corp declined to say if the plant was hacked, but said it continued to operate safely.

“There has been absolutely no operational impact to Wolf Creek. The reason that is true is because the operational computer systems are completely separate from the corporate network,” company spokeswoman Jenny Hageman said in an email to Reuters.

The report identified the first known victims of a hacking campaign targeting the power sector that was first reported by Reuters on June 30. The attacks were described in a confidential June 28 U.S government alert to industrial firms, warning them of a hacking campaign targeting the nuclear, power and critical infrastructure sectors.

The U.S. Department of Homeland Security and Federal Bureau of Investigation said that hackers had succeeded in compromising networks of some targets, but did not name victims. The government also released a 30-page bulletin with advice on how firms could bolster security to defend against the attacks.

The alert said that hackers have been observed using tainted emails to harvest credentials to gain access to networks of their targets.

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

Homeland Security and the FBI issued a statement to Reuters late on Thursday saying that the alert was part of an ongoing effort to advise industry of cyber threats.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the agencies said.

A nuclear industry spokesman told Reuters on Saturday that hackers have never gained access to a nuclear plant.

The Homeland Security technical bulletin included details of code used in a hacking tool that suggest the hackers sought to use the password of a Wolf Creek employee to access the network.

Hageman declined to say if hackers had gained access to that employee’s account. The employee could not be reached for comment.

(Reporting by Jim Finkle in Toronto; Additional reporting by Dustin Volz in Washington; Editing by Bernard Orr)

Spam campaign targets Google users with malicious link

A security guard keeps watch as he walks past a logo of Google in Shanghai, China, April 21, 2016. REUTERS/Aly Song/File Photo

By Jim Finkle and Alastair Sharp

(Reuters) – Alphabet Inc <GOOGL.O> warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.

Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.

The attack used a relatively novel approach to phishing, a hacking technique designed to trick users into giving away sensitive information, by gaining access to user accounts without needing to obtain their passwords. They did that by getting an already logged-in user to grant access to a malicious application posing as Google Docs.

“This is the future of phishing,” said Aaron Higbee, chief technology officer at PhishMe Inc. “It gets attackers to their goal … without having to go through the pain of putting malware on a device.”

He said the hackers had also pointed some users to another site, since taken down, that sought to capture their passwords.

Google said its abuse team “is working to prevent this kind of spoofing from happening again.”

Anybody who granted access to the malicious app unknowingly also gave hackers access to their Google account data including emails, contacts and online documents, according to security experts who reviewed the scheme.

“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Cappos said he received seven of those malicious emails in three hours on Wednesday afternoon, an indication that the hackers were using an automated system to perpetuate the attacks.

He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.

(Reporting by Alastair Sharp and Jim Finkle in Toronto; editing by Grant McCool)

British Born ISIS Hacker and Recruiter Killed in Drone Strike

A British citizen who intelligence officials say was a head of terrorist group ISIS’ cyberwarfare division has been killed in a U.S. drone strike.

Juaniad Hussain, also called Abu Hussain al-Britani, died in an airstrike in Raqqa, Syria.  U.S. officials say they have a “high level of confidence” that Hussain is dead.

Hussain has been confirmed as the target of the attack as he moved in a convoy.  The strike was part of a 48 hour campaign aimed at the terrorist’s power structure in their self-proclaimed capital.

“This is a great intelligence success,” one U.S. official told CNN.

Cybersecurity experts say that while Hussain was more of a nuisance than serious hacker, he was especially dangerous in recruiting hackers and others to join the terrorist group.

“He wasn’t a serious threat. He was most likely a nuisance hacker,” Adam Meyers, vice president of cybersecurity firm CrowdStrike, told the London Independent.   “It was his involvement in recruitment, communications and other ancillary support that would have made him a target.”

Hussain had spent six months in prison for hacking the personal address book of British Prime Minister Tony Blair in 2012.  He left for Syria soon after the sentence.

Hackers Take Control of Jeep Cherokee From Miles Away

Two hackers have shown an exploit in the Jeep Cherokee that would allow them to take control of the vehicle from miles away.

In one demonstration, they caused the vehicle to crash.

Two cybersecurity experts, Charlie Miller and Chris Valasek, worked with Wired magazine to expose a flaw in the computer software that allows remote takeover the vehicle by anyone with knowledge of computer hacking.

In one test, Wired magazine staffer Andy Greenberg was driving 70 miles an hour near downtown St. Louis when the air conditioning suddenly blasted at maximum,  the radio changed to a new radio station and blasted full volume and the windshield wipers turned on while blasting wiper fluid making it almost impossible to see the road.

The hackers then put a picture of themselves on the car’s digital display.

The hackers had previously performed similar experiments with a Ford Escape and Toyota Prius, although they were in the backseats of the car.

In these tests, they were more than 10 miles away in the basement of one of the two security experts.

A test conducted away from traffic for safety reasons showed the hackers could lock up brakes, disable driving and transmission and kill the engine.  In one test, the driver was helpless as the car crashed off the road into a ditch.

The hackers can also track the car’s GPS, measure speed and drop pins on a map to track the car’s movements.

Chrysler responded while they appreciate the efforts to show exploits that can be corrected, they were not pleased the information was released.

“Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company’s statement reads. “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”