Credit and debit card information belonging to customers who made purchases at 51 UPS Store Inc. locations in 24 states this year may have been illegally accessed as the result of an intrusion into the company’s networks.
In a statement on Wednesday, UPS said it was recently notified by law enforcement officials about a “broad-based malware intrusion” of its systems.
A subsequent investigation by an IT security firm showed that attackers had installed previously unknown malware on systems in more than four dozen stores to gain access to cardholder data. The affected stores represent about 1% of the 4,470 UPS Store locations around the country.
The intrusion may have exposed data on transactions conducted at the stores between Jan. 20 and Aug. 11, 2014. “For most locations, the period of exposure to this malware began after March 26, 2014,” UPS said in a statement.
In addition to payment card information, the hackers also appear to have gained access to customer names, as well as postal and email addresses.
Each of the affected locations is individually owned and runs private networks that are not connected to other stores, UPS added. The company provided a list of affected locations.
The breach is the third significant one to be disclosed in the past week. Last Thursday, grocery store chain Supervalu announced it had suffered a malicious intrusion that exposed account data belonging to customers who had shopped at about 180 of the company’s stores in about a dozen states. The breach also affected customers from several other major grocery store chains for which Supervalu provides IT services.
The U.S. Marshals Service on Friday auctioned off about 30,000 bitcoins seized during a raid on Silk Road, an Internet black-market bazaar where authorities say illegal drugs and other goods were being sold.
An online auction took place over a 12-hour period on Friday for the bitcoins, valued at nearly $17.7 million. It consisted of nine blocks of 3,000 bitcoins and one block of 2,657 bitcoins. The Marshals Service has said it would notify the winning bidders today.
A spokeswoman for the Marshals Service declined to say how many bids the office received. Among those who said they registered to participate in the auctions were SecondMarket and Bitcoin Shop Inc.
Silk Road was shut down after an FBI raid in September 2013 as agents took control of its server and arrested a Texas man, Ross Ulbricht, who the authorities said owned and operated the website.
The auction was for 29,655 bitcoins contained in files residing on its servers, which were forfeited in January.
Chris DeMuth, a partner at Rangeley Capital who had been considering bidding, said last week the chance the Marshals Service gets the market price for the bitcoins is low.
“Anyone could pay market prices on existing exchanges,” he said. “So the key question is how much of a discount do bidders want.”
The Marshals are holding about 144,342 additional bitcoins found on computer hardware belonging to Ulbricht that were subject to a civil forfeiture proceeding.
Ulbricht, 30, is scheduled to face trial Nov. 3. He has pleaded not guilty to the four counts against him, including money laundering conspiracy and engaging in a continuing criminal enterprise.
U.S. authorities have separately charged three men – Andrew Jones, Gary Davis and Peter Nash – in connection with their alleged roles in assisting Ulbricht in operating Silk Road.
Bitcoin prices were up 3.1 percent Friday at $597.41 per coin, according to the digital currency exchange CoinDesk.
Sally Beauty Holdings acknowledged on Monday that it too was a victim of a data breach, an incident that may have occurred alongside a project to update point-of-sale terminals at its U.S. stores, a recent regulatory filing shows.
The Denton, Texas-based company, which has more than half of its 4,669 stores in the U.S., said it found evidence that fewer than 25,000 records containing credit card data were accessed and possibly removed, according to a statement.
That follows its statement on March 5 that it was investigating “rumors” of a breach but had no reason to believe any credit card or consumer data had been lost.
The data it now says was likely stolen is known as “Track 2” card data. Payment cards have a magnetic stripe on the back that contains three data tracks. Track 2 data contains only the card number and expiration data. Track 1 data contains the card number, expiration data and cardholder’s name, and Track 3 is rarely used.
Forensic investigators from Verizon are working with Sally Beauty along with the U.S. Secret Service.
“As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation,” the company said.
“As a result, we will not speculate as to the scope or nature of the data security incident,” it said.
A representative of a public relations firm for Sally Beauty said the company could not comment further.
Sally Beauty’s annual report for fiscal 2013 shows the company undertook large IT infrastructure upgrade projects worldwide, including installing a new POS system for 2,450 stores in the U.S.
Target and Neiman Marcus blamed recent data breaches on malicious software that had been installed on POS systems, which are modern, software-driven cash registers that process card payments.
Target’s POS terminals were infected with a type of malware called a “RAM scraper.” The malware recorded payment card details after a card was swiped and the unencrypted data briefly sat in a system’s memory.
Sally Beauty wrote in its annual report that the POS system is expected to provide benefits such as enhanced tracking of customer sales and store inventory reports.
Sprint Corp and the federal government both agreed to fight in court over how much money law enforcement agencies owe the wireless provider for help the company was required to give investigators who wanted to tap phone calls.
The Obama administration filed a suit in U.S. District Court in San Francisco on Monday, alleging that Sprint overcharged the government $21 million for expenses it incurred while complying with court-ordered wiretaps and other surveillance help.
Sprint said it plans to defend the matter “vigorously.”
Telecommunications companies, including Sprint, are routinely asked to assist with investigations by helping facilitate phone surveillance such as wiretaps or so-called “pen registers,” which record data about phone calls, though not their content.
The companies are required to maintain equipment and facilities to be ready to assist. They are allowed to request reimbursements for related “reasonable expenses.”
In the case, San Francisco U.S. Attorney Melinda Haag alleged that Sprint “knowingly submitted false claims” to the FBI, Drug Enforcement Administration, Marshals Service and other law enforcement agencies from January 1, 2007 to July 31, 2010, inflating costs by about 58 percent.
The lawsuit said Sprint violated the anti-fraud law known as the False Claims Act and went against the federal regulations that prohibit carriers from using the reimbursements for wiretap cooperation to pay for updates to their equipment, facilities and services.
“Because Sprint’s invoices for intercept charges did not identify the particular expenses for which it sought reimbursement, federal law enforcement agencies were unable to detect that Sprint was requesting reimbursement of these unallowable costs,” the Justice Department said in the lawsuit.
Sprint, however, said its invoices to the federal agencies fully complied with the law that requires the government to reimburse reasonable costs incurred in assisting law enforcement agencies with electronic surveillance.
“We have fully cooperated with this investigation and intend to defend this matter vigorously,” said Sprint spokesman John Taylor.
The False Claims Act is the U.S. government’s main tool for recovering money when it thinks it has been defrauded, usually by a contractor such as an arms maker or hospital chain.
The Federal Bureau of Investigation (FBI) has arrested five people, two of whom ran websites, on suspicion of offering or using hacking-on-demand services.
In a statement the FBI said that it has picked up two website operators and three users in an international operation involving the cooperation of Romanian, Indian and Chinese authorities.
The five domestic suspects have been charged with obtaining unauthorized access to email accounts, and the FBI thinks they will all plead guilty.
Mark Anthony Townsend, 45, of Cedarville, Arkansas and Joshua Alan Tabor, 29, of Prairie Grove, Arkansas are accused of operating a password sourcing hacking website called needapassword.com.
The other three, John Ross Jesensky, 30, of Northridge, California, Laith Nona, 31, of Troy, Michigan, and Arthur Drake, 55, of the Bronx, New York are charged with buying services from hacking websites, including one deal that was worth over $20,000.
The global swoop saw four people arrested in Romania, and a number of websites including zhackgroup.com, spyhackgroup.com, rajahackers.com, clickhack.com, ghostgroup.org and e-mail-hackers.com have been shut down.
Indian authorities arrested Amit Tiwari, who ran www.hirehacker.net and www.anonymiti.com, while in China the hiretohack.net website has been smacked down.
“As part of an international law enforcement operation involving Romania, India, and China, federal prosecutors have charged two operators of a United States based e-mail hacking website, as well as three customers of other hacking websites based in other nations, with computer fraud offenses,” said the FBI in a statement.
“These charges are the product of an international investigation coordinated by the Federal Bureau of Investigation, which received the assistance of the United States Air Force Office of Special Investigations and the Naval Criminal Investigative Service.”
The bitcoin, valued by many for its anonymity, fell to $129 from over $140 a day before, according to a website for trading bitcoins, Mt.Gox. Earlier, the currency traded as low as $110.
Supporters say using bitcoins offers benefits including lower fraud risk and increased privacy, though critics argue the anonymity it offers makes the currency a magnet for drug transactions, money-laundering and other illegal activities.
The digital currency’s drop came after the FBI arrested alleged Silk Road owner Ross William Ulbricht, 29, known as “Dread Pirate Roberts,” on Tuesday in San Francisco.
Silk Road allowed tech-savvy sellers to post ads for drugs and other illegal products, which they sold for bitcoins and shipped to customers through the mail, according to the federal criminal charges filed against Ulbricht.
As well as Silk Road shoppers, drug traffickers who worried about the FBI tracking them down with data confiscated from Ulbricht may account for some of Wednesday’s bitcoin sell-off, said Garth Bruen, a security expert at Internet consumer group Digital Citizens Alliance.
“They’re going to be pouring all over his records, getting subpoenas for every piece of data and account he has ever used and trying to figure out who all these different dealers are,” said Bruen. “People are jumping ship.”
While bitcoins, which are not backed by a government or central bank, have begun to gain a footing among some businesses and consumers, they have yet to become an accepted form of payment on the websites of major retailers such as Amazon.com.
The charges against Ulbricht said that Silk Road generated sales of more than 9.5 million bitcoins, roughly equivalent to $1.2 billion. There are currently about 11.8 million bitcoins in circulation.
The Federal Bureau of Investigation (FBI) has issued a warning about the Syrian Electronic Army (SEA), the pro-Assad hacker group that has become adept at spearphishing attacks and Twitter account takeovers.
The warning is in a memo and comes to us via the security blog belonging to Matthew Keys.
Keys has reproduced the memo and shared it on Scribd. The document says that the SEA has been around since 2011 and has compromised a number of high profile media outlets.
It warns of attack methods that include spearphishing, DNS attacks and web defacements, and it reminds us that the SEA posted a story about US President Obama to the Associated Press.
“Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security,” said the FBI memo. “If you detect anomalous or malicious traffic or network behavior, please contact your local FBI Cyber Task Force.”
The SEA acknowledged the FBI’s attention on its Twitter feed. It appeared unmoved by the glare of law enforcement publicity.
It has long played a game of whack-a-mole with websites like Facebook and Twitter, both of which regularly force it to change accounts. According to the SEA the group is on its 225th Facebook account.
It publishes details of its takeovers through these accounts, and on its own homepage, a Pinterest webpage and an Instagram account.
As well as hacking into media websites the hacker group has also struck mobile apps, DNS systems and the Australian web hosting business Melbourne IT. Doing all this has helped it to break onto the webpages of news media outfits like the Huffington Post, the BBC and Reuters.
U.S. regulators and law enforcement agencies were scheduled to meet on Monday with an advocacy group for Bitcoin, a digital currency that has been under fire for its alleged role in facilitating anonymous money transfers and supporting online purchases of illegal street drugs.
The meeting in Washington was arranged by the Treasury Department’s anti-money laundering unit at the request of the Bitcoin Foundation, an advocacy group of Bitcoin-related businesses.
It will be an opportunity for wide-ranging discussions about the digital currency, a Treasury official said.
Bitcoins, which have been around since 2008, first came under scrutiny by law enforcement officials in mid-2011 after media reports surfaced linking the digital currency to the Silk Road online marketplace where marijuana, heroin, LSD and other illicit drugs are sold.
In recent months, the U.S. government has taken steps to rein in the currency and more regulatory action is expected.
Tokyo-based Mt. Gox, the world’s largest exchanger of U.S. dollars with Bitcoins, had two accounts held by its U.S. subsidiary seized this year by agents from the Department of Homeland Security on the grounds that it was operating a money transmitting business without a license.
The Federal Bureau of Investigation reported last year that Bitcoin was used by criminals to move money around the world, and the U.S. Treasury said in March that digital currency firms are money transmitters and must comply with rules that combat money laundering.
The Senate Committee on Homeland Security and Government Affairs launched an inquiry into Bitcoin and other virtual currencies earlier this month, asking a range of regulators to list what safeguards are in place to prevent criminal activity.
Samsung’s Galaxy Note 3 might not be arriving on shelves following its IFA unveiling as promptly as some might have hoped, with the UK bound eight-core model reportedly facing delays.
That’s according to Sammobile, which has heard that Samsung has delayed the octo-core model due to “overheating issues” with its latest Exynos 5 processor. This could see the release of the octo-core Samsung Galaxy Note 3 that reportedly was scheduled for a UK release being pushed back, while Samsung works on a more stable version of the processor.
There is some hope for those looking to buy a Galaxy Note 3, though, as Samsung reportedly will release a quad-core Qualcomm Snapdragon 800 model instead while it works on fixing the issues. Samsung reportedly will release that next month.
That shouldn’t hinder performance too much either, as the Samsung Galaxy Note 3 reportedly will launch with 3GB of RAM onboard and Google’s latest Android 4.3 Jelly Bean mobile operating system. This will be skinned with Samsung’s Touchwiz user interface that will feature a host of stylus-specific apps.
According to Sammobile, the phablet device will also feature a 5.68in full HD 1080p Super AMOLED display, a minimum of 32GB of internal storage expandable via microSD card, a 13MP rear-facing camera, a front-facing camera and a 3,200mAh battery. The website added that it will initially launch in black and white models, with a pink model to follow a few weeks later.
We’ll likely find out more at Samsung’s Unpacked IFA press conference on 4 September, where the firm is also expected to unveil its first smartwatch. We’ll be there to bring you all the latest.
The Federal Bureau of Investigation (FBI) has been accused of gathering data from the anonymous network known as TOR.
The FBI might be behind a security assault on the TOR network that grabs users’ information.
Security researcher Vlad Tsyrklevich said that the attack is a strange one and is most likely the work of the authorities.
“[It] doesn’t download a backdoor or execute any other commands, this is definitely law enforcement,” he said in a tweet about the discovery.
He went a bit further in a blog post, explaining that the Firefox vulnerability is being used to send data in one direction.
“Briefly, this payload connects to 22.214.171.124:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash,” he added.
“Because this payload does not download or execute any secondary backdoor or commands it’s very likely that this is being operated by an LEA and not by blackhats.”
The bug is listed at Mozilla, and the firm has a blog post saying that it is looking into it.
Over the weekend a blog post appeared on the TOR website that sought to distance it from a number of closed down properties or hidden websites. It is thought that the shuttered websites, which were hosted by an outfit called Freedom Hosting, were home to the worst kind of abuses.
A report at the Irish Examiner said that a chap called Eric Eoin Marques is the subject of a US extradition request. He is accused of being in charge of Freedom Hosting.
“Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the TOR Network,” the TOR project said.
“The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The TOR Project, Inc., the organization coordinating the development of the TOR software and research.”
Samsung Electronics Co Ltd is close to signing a deal to sell its popular line of Galaxy devices to the U.S. Federal Bureau of Investigation, sources familiar with the situation said late last Friday.
The deal would be a boost for Samsung, which is increasingly seeking to cater to the needs of government agencies, a niche long dominated by Canadian smartphone maker BlackBerry Ltd.
The FBI, with more than 35,000 employees, at present uses mainly BlackBerry devices. It is unclear whether the agency plans to replace all BlackBerry equipment with Galaxy models or whether it will use hardware from both companies.
A spokeswoman for the FBI declined to comment on the matter, saying that the selection of its new smartphones is part of an active acquisition process and any current discussions are proprietary to the government.
The imminent deal was initially reported by the Wall Street Journal late on Thursday. The WSJ also said Samsung is close to signing a smaller order for its devices with the U.S. Navy, citing people familiar with the matter.
Representatives of BlackBerry and Samsung declined to comment. BlackBerry emphasized, however, that it regards its operating system as the best in the market in terms of security features.
“The security of mobile devices is more important now than it has ever been before,” BlackBerry’s chief legal officer, Steve Zipperstein, said in an interview. “It is fair to ask why in this context anyone would consider moving from the gold standard in security, which is the BlackBerry platform.”
In May, the U.S. Pentagon cleared Samsung’s Android mobile devices and a new line of BlackBerry devices powered by the BB10 operating system for use on Defense Department networks.
Samsung has been pushing hard to convince government agencies and corporate clients that its Galaxy devices, powered by Google Inc’s Android operating system, can meet their stringent security needs.
The South Korean company hopes that the Pentagon clearance and the imminent deal with the FBI will help boost sales to security-conscious clients including banks and law firms.
Some analysts remain skeptical about whether Android can meet all security requirements of such clients, and note that the FBI itself has highlighted some vulnerabilities of the platform.
“The Android operating system hasn’t been secured properly,” said Rob Enderle, principal analyst with Enderle Group, noting that Samsung has layered technology on top of the operating system in an attempt to make its Galaxy devices safer.
One in five UK businesses experienced a DDoS attack last year according to a new survey.
Analytics firm Neustar said that while the percentage is significantly lower than that experienced by their US equivalents it is still fairly high. More than 22 percent of the 381 organisations participating in the annual trends study reported DDoS attacks, compared to 35 percent experiencing the same in a separate study carried out among US firms in 2012.
Neustar set out to measure revenue ‘risk per hour’ which is a measure of what it might cost a business in a particular sector to experience DDoS downtime. They found that the majority of organisations reckoned this at less than $1,500 per hour.
Most of the rest put it somewhere between $1,500 and $15,000 although one in four financial services firms put the number at $250,000 per hour. This cost included brand damage and unexpected customer service calls.
Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.
Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.
He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.
Quantum cryptography might not be the security secret weapon that the industry has been hoping for. In theory, quantum cryptography might allow you to encrypt a message in such a way that it would never be read by anyone. But recently methods that were once thought to be fundamentally unbreakable have been shown to be anything but.
Physicist Renato Renner from the Institute of Theoretical Physics in Zurich said the problem was that systems were not being built correctly. In 2010, for instance, it was shown that a hacker could blind a detector with a strong pulse, rendering it unable to see the secret-keeping photons.
Renner also said that there are many other problems. Photons are generated using a laser tuned to such a low intensity that it’s producing one single photon at a time. There is a certain probability that the laser will make a photon encoded with your secret information and then a second photon with that same information. All an enemy has to do is steal that second photon and they could gain access to your data.
He told Wired that if there were better control over quantum systems than we have with today’s technology then perhaps quantum cryptography could be less susceptible to problems, but such advances are at least 10 years away.
Two U.S. senators will propose that Congress or President Barack Obama’s administration should pursue trade and immigration sanctions against China and other countries that allegedly support cyberattacks on U.S. government agencies and businesses, the lawmakers said Wednesday.
Senators Sheldon Whitehouse, a Rhode Island Democrat, and Lindsey Graham, a South Carolina Republican, called on the administration, including the U.S. Department of Justice and Federal Bureau of Investigation, to step up efforts to battle cyberattacks.
Congress or the administration should block immigration from countries supporting cyberattacks on the U.S. and it should limit trading with those countries, Graham said during a hearing before the Senate Judiciary Committee’s crime subcommittee.
“Our Chinese friends seem to be hell bent on stealing anything they can get their hands on here in America,” Graham said. “We’re going to do something about this. We’re going to put nation states on notice that, if you continue to do this, you’ll pay a price.”
Witnesses pointed at China as the major source of cyberattacks on the U.S.
Graham asked witnesses to identify the top countries where attacks originate. Both Kevin Mandia, CEO of security vendor Mandiant, and Stewart Baker, a partner at law firm Steptoe & Johnson and former assistant secretary at the U.S. Department of Homeland Security, said China was by far the top attacker.
Russian attackers seem to abide by some rules of engagement and tend to withdraw after U.S. security professionals catch them attacking networks, Mandia said. “The Chinese are like a tank through a corn field, they just keep mowing through it,” he said.
Graham asked Mandia and Baker for two-page memos detailing Chinese attacks that he would take to officials with the Chinese embassy in Washington, D.C. “I’ll give you 100 pages, sir,” Mandia said.
Representatives of the Chinese Embassy in Washington, D.C., didn’t immediately respond to a request for comments on the hearing.