ViaSat is adding new products and services aimed at government agency and military customers, it said in a Monday news release. It said the new offerings include cybersecurity vulnerability assessment and remediation services and managed security services, and cyber-sensing capabilities available via software upgrades to some of its network managed security services.
Muneeb and Sohaib Akhter, both 23, of Springfield, Virginia, pleaded guilty Friday to charges of conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization, and conspiracy to access a government computer without authorization, said a news release from the U.S. Attorney’s Office of the Eastern District of Virginia. Muneeb Akhter also pleaded guilty to additional charges of accessing a protected computer without authorization, making a false statement and obstructing justice, it said. Muneeb Akhter faces up to 50 years in prison, and Sohaib Akhter up to 30 years, it said. Around March 2014, they hacked into a cosmetics company website and stole credit card and personal information for thousands of the company’s customers, it said. “Muneeb Akhter also provided stolen information to an individual he met on the ‘dark net,’ who sold the information to other dark-net users and gave Akhter a share of the profits." In a separate incident, the Akhter brothers and “co-conspirators” attempted to hack the Department of State computer network to “obtain sensitive passport and visa information and other related and valuable information about State Department computer systems,” the release said. “Around February 2015, Sohaib Akhter used his contract position at the State Department to access sensitive computer systems containing personally identifiable information belonging to dozens of co-workers, acquaintances, a former employer, and a federal law enforcement agent investigating his crimes,” it said. And the U.S. Attorney's office said that around November 2013, Muneeb Akhter did contract work for a data aggregation company in Rockville, Maryland, and “hacked into the company’s database of federal contract information so that he and his brother could use the information to tailor successful bids to win contracts and clients for their own technology company."
The Justice Department will continue to prosecute those who use virtual currency to commit crimes, but DOJ is aware of the many legitimate actual and potential uses of virtual currency, and encourages compliance with regulations and state license requirements, said Assistant Attorney General Leslie Caldwell Friday during an American Bar Association event on digital currencies. Digital currency has the “potential to promote a more efficient online marketplace” and potentially “lower costs for brick and mortar businesses, by removing the need to pay credit card-related costs,” Caldwell said. In theory, digital currency can help speed up and reduce the cost of cross-border transactions, she said. “Criminals have been among the first to enthusiastically embrace the use of virtual currency, primarily in crime involving the Internet,” Caldwell said. “Many criminals like virtual currency systems because these systems conduct transfers quickly, securely and with a perceived level of anonymity.” The “irreversibility of payments made in virtual currency and lack of oversight by a central financial authority is appealing,” as is the ability to “conduct international peer-to-peer transactions that lack immediately available personally identifying information,” Caldwell said. DOJ has had a strong record of bringing cases in which virtual currencies were used to facilitate criminal conduct, by relying principally on money services business, money transmission and anti money laundering statutes, she said. Some states such as New York established virtual-currency specific licensing requirements, Caldwell said. “As virtual currencies become more mature and better understood by criminals, we expect to see an increase in both individualized criminal activity and large-scale money laundering enterprises.”
“You have to kind of salute the Chinese for what they did,” Director of National Intelligence James Clapper said Thursday at the U.S. Geospatial Intelligence Foundation Symposium in Washington, referring to the Office of Personnel Management breach. If the U.S. had the opportunity to breach the data the Chinese stole from OPM, the intelligence community wouldn’t hesitate for a moment, Clapper said. When asked to confirm whether the Chinese were responsible for the breach, Clapper said China was the “leading suspect.” Council on Foreign Relations Cyber Policy Senior Fellow Robert Knake wrote a blog post Friday saying that he wasn’t that concerned about the impact on U.S. human intelligence following the breach because the U.S. is aware of the breach, the CIA is “pretty good at what they do,” password resets already were weak, spearphishing is already pretty effective and blackmail is an overstated threat. The Chinese Embassy in Washington had no comment.
Google released Chrome v 43.0.2357.130 for Linux, Mac and Windows to address multiple vulnerabilities Monday, one of which may let an attacker obtain sensitive information, said a U.S. Computer Emergency Readiness Team alert. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google Chrome Technical Program Manager Anthony Laforge wrote in a blog post Monday. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
The U.S. District Court in Los Angeles granted a partial motion to dismiss a data breach class action suit against Sony Pictures Entertainment after the breach of sensitive and personal information of at least 15,000 former and current Sony employees, said a post Tuesday on the Hunton & Williams’ privacy and information security law blog. The class action against Sony alleged negligence, breach of implied contract, violation of the California Customer Records Act, violation of the California Confidentiality of Medical Information Act, violation of the Unfair Competition Law, declaratory judgment, violation of Virginia Code 18.2‑186.6, and violation of Colorado Revised Statutes 6-1-716, the post said. “Sony moved to dismiss for lack of Article III standing under Rule 12(b)(1) and failure to state a claim under Rule 12(b)(6),” it said. Sony’s challenge under Rule 12(b)(1) was rejected, as the court said the “personally identifiable information (PII) was stolen and posted on file-sharing websites for identity thieves to download, and that the PII was used to send threatening e-mails to employees and their families,” the post said. Challenges under Rule 12(b)(6) were both granted and denied. The plaintiffs' claim for breach of implied contract was dismissed, as were the claims the breach violated the California Customer Records Act, and the Virginia and Colorado breach notification claims, the post said. Negligence claims against Sony were granted and the Unfair Competition Law claim also advanced, the post said. Sony had no immediate comment.
Ransomware continues to spread and is infecting devices around the globe, an alert from the FBI's Internet Crime Complaint Center (IC3) said Tuesday. CryptoWall is the most current and significant ransomware threat targeting U.S. individuals and businesses and has been actively used to target U.S. victims since April 2014, the IC3 alert said. “The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000,” the alert said. “Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.” Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with reported losses totaling more than $18 million. Ransomware problems begin when an individual clicks on an infected advertisement, email or attachment, or visits an infected site, the alert said. “Once the victim’s device is infected with the ransomware variant, the victim’s files become encrypted.” Once a victim pays a ransom fee, usually with a digital currency like Bitcoin, they can regain access to the files that were encrypted, it said.
A federal grand jury indicted four people in Puerto Rico in four separate cases for possession of child pornography, a Department of Justice news release said Friday. Each was charged with knowingly possessing images and videos of minors on their laptop computer and storage device, including prepubescent minors, engaging in sexually explicit conduct, the release said. Those charged are William Camacho-Ríos of San Juan, Luis Caraballo of Carolina, Carlos Colón-Rivera of Toa Baja, and Donato Ruiz-Rivera of Quebradillas. “People need to understand that the minors depicted in those images and videos are re-victimized every time someone downloads and/or watches them,” said U.S. Attorney for the District of Puerto Rico Rosa Emilia Rodríguez-Vélez. If convicted, the defendants would spend a minimum of 10 years behind bars, the release said. The cases were brought as part of the Project Safe Childhood initiative, which marshals federal, state and local resources to better locate, apprehend and prosecute individuals who exploit children via the Internet, and to identify and rescue victims, the release said.
The Internet Crimes Against Children (ICAC) Task Forces arrested 1,140 child predators from 41 states in a two-month operation in April and May, a Department of Justice news release said Monday. During Operation Broken Heart, more than 3,000 federal, state and local law enforcement agencies targeted offenders who possess, manufacture and distribute child pornography, engage in online enticement of children for sexual purposes, engage in the sexual exploitation or prostitution of children, or engage in child sex tourism, the release said. The task forces also delivered more than 2,200 presentations on Internet safety to more than 186,000 youth and adults in April and May. “By arresting and prosecuting child predators across the country, our task forces are sending a clear message that we are working together better than ever before to bring these perpetrators to justice,” said Los Angeles Police Department Lt. Andrea Grossman, who’s also commander of the Los Angeles Regional ICAC Task Force and chairs the ICAC Public Awareness and Outreach Committee.
Data security company Vormetric found “high levels of data breach and compliance failures” in the U.K., Germany and the U.S., a news release said. Polling for the Vormetric report was done by Harris Poll in fall 2014 through online surveys. Almost 45 percent of U.S. respondents, 40 percent of U.K. respondents and 26 percent of German respondents said they had encountered a data breach or failed a compliance audit in the past year, Vormetric said. “These responses are disturbing because they represent strong evidence that organizations are systematically failing to secure their data," said Tina Stewart, vice president-global market strategy. "Part of the problem is a pervasive perception that meeting compliance standards is all that needs to be done to protect sensitive information,” she said. “With this perception, and with attacks changing by the hour, slowly evolving compliance mandates result in organizations fighting today's battles with yesterday's weapons, and failing to protect sensitive data not covered by compliance requirements." There are “notable contrasts” between how European and U.S. organizations prioritized cloud security, data accessibility, privacy violations and compliance requirements, such as 62 percent of U.S. respondents planning to increase spending on additional security measures, compared with 44 percent of German respondents and 51 percent in the U.K., the firm said.