Community Health Systems Hacked – 4.5 Million Records Stolen

Medical Records Hacked

Chinese hackers seem to be at it again, this time hitting Community Health Systems, a large US medical group that runs over 200 hospitals in 29 states. According to reports from Fox News, the attackers were able to steal 4.5 million records.

A filing with the U.S. Securities and Exchange Commission stated that computer security company Mandiant assisted in the forensics investigation and “believe the attacker was an “Advanced Persistent Threat” group originating from China who used highly sophisticated malware and technology to attack the Company’s systems.”

According to the filing, the data was “non-medical patient identification data” and did not include “patient credit card, medical or clinical information”. The company is notifying the affected patients and apparently offering them identity theft protection services.

As financial information was not recovered, the information would most likely be used in further social engineering type attacks – for example, using the information gained to attempt to access patients’ accounts or data from other companies or websites.

For those interested in learning more about Mandiant and their research of Chinese APT attacks, check out their “APT1: Exposing One of China’s Cyber Espionage Units” intelligence center report.

Twitter Hacked: About 250,000 User Accounts Possibly Compromised

Seems to be the week for large media attacks. The NY Times and WSJ were hacked earlier this week and Twitter announced earlier today that they had a security breach and the credentials for about 250,000 accounts could have been compromised.

“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”

Apparently the culprit of the breach was, drum roll please, a Java vulnerability. Twitter recommends disabling Java if it is not necessary, using different passwords for each site and, if you are using weak passwords, changing them now!

“Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised.”

Apparently Twitter was able to catch the hacker in progress and shut him out. They are working with Law Enforcement agencies to track the attackers and shut them down.

No source has been mentioned as to who the hackers were or where they were from. There was a lot of finger pointing at China earlier this week with the NY Times and WSJ attacks, not sure if I buy into that at this point. China (at least the military backed hackers) is usually more interested in cyber espionage and targets of strategic importance.

US Department of Defense Cyber Crime Center Website Down

DC3 Down

Just going through the Twitter feeds and one of our favorite security professors that we follow mentioned that the US Department of Defense Cyber Crime Center (DC3) was down:

DC3 Down Twitter

As this article is posted, the site still appears to be offline; see the screenshot above from the “Down for Everyone or Just Me” website.

A quick check of through also shows that numerous global DNS servers can’t communicate with it:

DC3 DNS Propagation

It doesn’t seem to be completely down as pinging the address does return a response from the hosting company. But the web server is definitely offline.

According to Wikipedia, “The Department of Defense Cyber Crime Center (DC3) is a United States Department of Defense agency that provides digital forensics support to the DoD and to other law enforcement agencies. DC3’s main focus is in criminal, counterintelligence, counterterrorism, and fraud investigations from the Defense Criminal Investigative Organizations (DCIOs), DoD counterintelligence groups, and various Inspector General groups. The Air Force Office of Special Investigations is the executive agent of DC3.”

DC3 also hosts a popular annual Digital Forensics Challenge.

Not sure at this point if it is just a technical problem, scheduled maintenance or possibly the work of hacktivists. Though a quick search of the normal hacktivist news feeds didn’t net anything.

We will post an update as soon as we know more.

Hackers and Predators – The Dangers of Social Networking

Social Engineering and Phishing attacks (bad guys pretending to be someone else to obtain information from you) are some of the biggest threats against your network today. Why would hackers spend days, months, years trying to hack through a firewall or corporate website when they can get quick access by tricking someone into opening a backdoored document or running a remote access program?

But how do these attackers know who to attack in a corporate network, or the best way to word a malicious communication attempt to get you to click on it?

Social Media sites!

Two years ago I became aware of a tactic of hackers gaining access to systems by targeting teens. Hackers created malicious sites based on popular teen based movies and pop stars. Now it seems that hackers and cyber criminals have shifted a lot of focus to social media sites.

Hackers target social sites like LinkedIn and even Facebook to obtain tons of information about potential targets. As a matter of fact, Social Engineers have created bogus LinkedIn users and used a programming interface to easily search for users at a particular place of business and pull a lot of information from their account that could be used in a Social Engineering attack.

Unfortunately there is also a disturbing trend of stalkers and predators possibly using social media sites to track or find potential victims. For over a year and a half, the community awareness website showed internet users how easy it was to pull geotag information from pictures posted on social media sites. They would post a picture pulled from a social site along with the poster’s user name and… Their Location!

Sadly a recent story by the Associated Press talks about how predators in Indonesia were using Facebook to solicit young teenage girls, and then kidnap and traffic them:

“When a 14-year-old girl received a Facebook friend request from an older man she didn’t know, she accepted it out of curiosity. It’s a click she will forever regret, leading to a brutal story that has repeated itself as sexual predators find new ways to exploit Indonesia’s growing obsession with social media.

The junior high student was quickly smitten by the man’s smooth online flattery. They exchanged phone numbers, and his attention increased with rapid-fire texts. He convinced her to meet in a mall, and she found him just as charming in person.”

The young girl was smitten by the online user’s charm. The simple friend request, exchange of information and finally an in-person meeting led the 14 year old girl into the hands of a 24 year old predator. The monster kidnapped her, she was drugged, beaten and raped.

According to the article there were 7 girls this month in Indonesia who were abducted by people they had met on Facebook.

People are way too trusting on Social Media sites. Do not friend people that you do not know. Be careful how much information you put on business sites like LinkedIn. Keep an eye on young users using social media and warn them about the potential risks of strangers.

Social media is a great thing, it helps us keep in touch with friends, family and co-workers. But there are dangers with online networking. Surf safely!