Bureau of Criminal Apprehension of Minnesota HACKED…!
Personal information of Minnesota law enforcement, critical infrastructure personnel published online after massive hack
By Tony Webster
A trove of Minnesota law enforcement data was published online after hackers broke into the servers of a vendor of the Minnesota Bureau of Criminal Apprehension and Hennepin County Sheriff’s Office
The sensitive information includes details about key Minnesota security and intelligence personnel at every level of government.
Information on over 9,000 government and industry personnel dating back over 15 years were divulged in a breach of data from ICEFISHX, an intelligence sharing and emergency alert website, which is part of the Minnesota Fusion Center, the intelligence wing of the Minnesota Bureau of Criminal Apprehension.
The stolen data was contained in “BlueLeaks,” which is being called the largest leak of U.S. law enforcement data in history, and was published online in mid-June by Distributed Denial of Secrets, a team of transparency activists who say they have no political leaning.
The hacked data included over 20,000 files, such as intelligence briefings, software code, suspicious activity alerts, COVID-19 situation reports, violent offender advisories, as well as internal information such as codewords to use when reporting suspected terrorist activity. But some of the most sensitive data might be information on first responders and those keeping Minnesota’s critical infrastructure safe.
An internal CIA report released Tuesday found that the agency's failure to secure its own systems led to the massive 2017 data breach that enabled classified information, including details on 35 CIA hacking tools, to be leaked to WikiLeaks.
A redacted version of the report, prepared by the CIA's WikiLeaks Task Force in 2017, was released by Ron Wyden, D-Ore., a member of the Senate Intelligence Committee.
The report calls out the CIA's Center for Cyber Intelligence for not prioritizing internal cybersecurity and focusing, instead, on developing offensive cyber weapons.
This lax attitude toward preventive cybersecurity measures within the CIA continued even after previous high-profile data breaches of the agency and other intelligence departments, the report states.
The WikiLeaks Task Force report was prepared after the leaking of the CIA hacking tools, which were referred to as "Vault 7" (see: WikiLeaks Dumps Alleged CIA Malware and Hacking Trove).
The theft of the hacking tools, which apparently happened sometime in 2016, was not discovered until WikiLeaks published the Vault 7 series in 2017. Later, the U.S. Justice Department brought charges against Joshua Schulte, a former CIA employee, who is suspected of stealing the CIA hacking tools and then giving them to WikiLeaks, according to the Washington Post, which first reported on the Wyden letter.
U.S. financial institutions are vulnerable to a new array of attacks from cybercriminals and nation-state hackers as a result of the COVID-19 pandemic, experts told a Congressional panel this week at a virtual hearing.
The Tuesday testimony before the House Financial Services' Committee's National Security, International Development and Monetary Policy subcommittee came as Democratic and Republican lawmakers introduced a series of legislative proposals to deal with the challenges facing financial institutions.
In their testimony, experts warned that banks and other financial institutions are not equipped to mitigate the latest cyberthreats - including sophisticated hacking campaigns, ransomware attacks, cryptojacking, intellectual property theft and business email compromise schemes - that have surged during the COVID-19 crisis.
The shift to a remote workforce has led many firms to change their approach to cybersecurity at a time when attacks are increasing, experts testified (see: Rethinking Risk for the Remote Workforce).
In the first five months of 2020, cyberattacks against the American financial sector have increased by a staggering 238%, Kellermann said. Ransomware attacks have surged at an even greater rate, he added.
Time for another internet of things update nightmare: Researchers have found that a little-known software library that's been widely used for decades - by numerous companies and in many products - has serious vulnerabilities that need immediate fixing.
This time, the flaws - dubbed "Ripple20" by researchers - involve TCP/IP code from Cincinnati-based Treck, which makes software for implementing various networking protocols. While Treck might be a low-profile company few have heard of, its code has nevertheless found its way into millions of connected devices, from medical pumps and office printers to utility grid systems and aviation components.
That's because Treck's TCP/IP code stack - an embedded library - is known for its high performance and reliability. The code is apparently particularly well-suited for low-power IoT devices and real-time operating system usage.
On Tuesday, however, Israeli cybersecurity consultancy JSOF disclosed 19 vulnerabilities in the TCP/IP code after previously reporting the flaws to Treck, which has prepared a fix. JSOF's findings follow another large-scale problem affecting IoT devices coming to light, in that case in the Universal Plug and Play protocol (see: UpNp Vulnerability Could Affect Billions of IoT Devices).
Information about the Ripple20 flaws has been circulating privately since last year, as researchers, vendors and security experts worked to coordinate fixes and alert relevant parties. JSOF notes that it reached out to agencies such as the CERT Coordination Center and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency once it realized how challenging it would be to identify all companies and products that utilize the vulnerable code from Treck
Semiconductor manufacturer MaxLinear confirmed this week that it was hit by the Maze ransomware gang in April and some "proprietary information" was exfiltrated and personally identifiable information exposed.
MaxLinear notes in a Tuesday 8-K SEC filing: "We have no plans to satisfy the attacker's monetary demands. On June 15, 2020, the attacker released online certain proprietary information. We have engaged a third party capable of safely evaluating information posted on malicious websites to advise us with respect to the content of the information posted."
In a data breach notification sent to the California attorney general's office, the company states that it discovered the attack on May 24. But further investigation revealed the intruders were inside the company's network from April 15 to May 24.
MaxLinear produces processors that are used by telephone, cable and satellite operators, set-top box manufacturers, networking equipment providers and consumer technology providers, according to the company's website.
The PII accessed by the Maze gang included name; personal and company email address and personal mailing address; employee ID number; driver's license number; financial account number; Social Security number; date of birth; work location; compensation and benefit information; dependent information; and date of employment, according to the SEC filing and the notice with California authorities.
The company did not indicate if this information is for employees, customers or both nor how many people were affected and declined to comment further.
The National Cybersecurity Center of Excellence
(NCCoE) has released the final version of National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide Special Publication 1800-16, Securing Web Transactions: Transport Layer Security (TLS) Server Certificate Management. See the two-page fact sheet for an overview of the project.
This practice guide can benefit executives, chief Information security officers, system administrators, or anyone who has a stake in protecting his or her organization's data, privacy, and overall operational security.
For ease of use, the final guide is available to download or read in volumes:
Or download the complete guide (PDF)