The #DataInsecurity Digest | Issue 48

Issue 48 | June 21, 2017

#DataInsecurity Digest: Massive RNC leak exposes vulnerability of political profile data; WannaCry could’ve been much worse

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Editor’s Note: The intricacy of personal profiles compiled by modern political campaigns received some unwanted attention this week thanks to a breach at a contractor for the Republican National Committee that exposed 198 million potential voter records. This massive breach revealed voters’ names, addresses, and information about their suspected opinions on a variety of issues. Meanwhile, on the Hill, cybersecurity was front and center last week with five different cybersecurity hearings, where we learned that the WannaCry ransomware attack was meant to be much worse–almost 7 million computers worse. In historic testimony before the Senate Intelligence Committee, former FBI Director James Comey stated that he has no doubts that Russia launched a hacking effort aimed at nonprofits and political parties. Not to be forgotten, point-of-sale breaches continued to garner headlines as fashion retailer The Buckle became the latest victim.

And now on to the clips!

—————–

RNC exposes personal information of 198 million potential voters. Security researcher @VickerySec found nearly 200 million unsecured potential voter profiles posted online by an IT contractor for the Republican National Committee. These profiles contained “names, addresses of voters and an ‘RNC ID’ that can be used with other exposed files” to determine individuals’ political preferences, “such as a voter’s likely positions on 46 different issues ranging from how likely it is the individual voted for Obama in 2012, whether they agree with the Trump foreign policy of ‘America First’ and how likely they are to be concerned with auto manufacturing as an issue, among others.” (Source: The Hill)

Former CIA Director: Urge Congress to pass cybersecurity legislation. Last week, former CIA Director John Brennan urged Americans to take action to improve cybersecurity, stating “You all need to continue to put the pressure on your elected representatives in Congress to take this matter seriously … People frequently say it’s going to take a 9/11 in the cyber realm in order for us as a country to be able to come to terms and deal more effectively with cyber challenges.” (Source: Cyber Scoop)

WannaCry was meant to be much worse… Salim Neino, the founder of Kryptos Logic, told legislators last Thursday that while the virus infected nearly 300,000 computers worldwide, if the “kill switch” had not been found, 7 million computers in the United States alone could have been infected. “It could have been much, much worse,” said former Obama Administration Chief Information Officer Ret. Air Force Brig. Gen. Gregory T. Touhill, while testifying in the House last Thursday. “I view WannaCry as a slow-pitch softball whereas the next one may be a high and tight fastball coming in. We need to be ready.” (Source: McClatchy)

NSA: North Korea behind WannaCry ransomware attack. The Washington Post is reporting that the NSA is “moderately confident” that the DPRK was behind the first computer worm to be used in a ransomware attack. @nakashimae states that North Korea’s motivation behind the WannaCry attack was financial, as it appears to have been “an attempt to raise revenue for the regime.” (Source: Washington Post)

Tax identity thieves get help from Equifax’s lax cybersecurity practices. @briankrebs is reporting that thanks to Equifax’s lax security, “crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.” This breach of sorts affected employees whose employers used TALX, an Equifax subsidiary that provides online payroll, HR, and tax services. Data security advocates argue that TALX “should have required customers to use stronger two-factor authentication options, such as one-time tokens sent to an email address or mobile devices,” as, with a little research, security questions can often be cracked by a dedicated hacker. (Source: Krebs on Security)

Breach du Jour: The Buckle. For nearly six months, the clothing store The Buckle was infected with POS malware that was quietly collecting customers’ credit card numbers, names, and expiration dates. (Source: International Business Times)

James Comey: ‘There was a massive (hacking) effort to target government and nongovernmental agencies, like nonprofits.’ In the high-profile Senate hearing, Comey also commented that while “we found no indication of any change in vote tallies… There [were] efforts aimed at voter registration systems.” (Source: New York Times)

A major security flaw at Molina Healthcare exposed countless medical records. @briankrebs is reporting that the Fortune 500 company @molinahealth did not require user authentication to access their records. The security flaw created a situation where “having access to a single hyperlink to a patient record would allow an attacker to enumerate and download all other claims,” simply by changing a single number in the hyperlink. (Source: Krebs on Security)

Canadian spy agency: It is ‘very likely’ that hackers will try to influence upcoming Canadian elections. @LeahSchnurr and @5thEstate report that the Canadian spy agency believes that “politicians and the media are more vulnerable to cyber threats than elections themselves, given that federal elections are largely paper-based.” (Source: Reuters)

National Consumers League
Published June 21, 2017