Records of up to 25,000 Homeland Security staff hacked in cyber-attack

Associated Press in Washington
theguardian.com, Friday 22 August 2014 20.48 EDT

Anonymous official says number could be even greater as department warns employees to check bank accounts

The internal records of as many as 25,000 employees of America’s Department of Homeland Security (DHS) were exposed during a recent computer hack at a federal contractor that handles security clearances, an agency official said on Friday.

The official, speaking anonymously, said the number of victims could be greater. The incident is under active federal criminal investigation.

The department was informing employees whose files were exposed in the hacking against contractor USIS and warning them to monitor their financial accounts.

Earlier this month, USIS acknowledged the break-in, saying its internal cybersecurity team had detected what appeared to be an intrusion with “all the markings of a state-sponsored attack”.

Neither USIS nor government officials have speculated on the identity of the foreign government.

USIS, once known as US Investigations Services, has been under criticism in Congress in recent months for its performance in conducting background checks on National Security Agency systems analyst Edward Snowden and on Aaron Alexis, a military contractor employee who shot 12 people dead in Washington in September 2013.

Private contractors perform background checks on more than two-thirds of the 4.9 million government workers with security clearances, and USIS handles nearly half of that number.

It is not clear when the hacking took place, but DHS notified all its employees internally on 6 Aug.

At that point, DHS issued “stop-work orders” preventing further information flows to USIS until the agency was confident the company could safeguard its records.

At the same time, the Office of Personnel Management (OPM) temporarily halted all USIS background check fieldwork “out of an abundance of caution,” spokeswoman Jackie Koszczuk said.

Officials would not say whether workers from other government agencies were at risk. DHS will provide workers affected by the intrusion with credit monitoring.

The risk to as many as 25,000 DHS workers was first reported on Friday by Reuters.

A cybersecurity expert, Rick Dakin, said the possibility that other federal departments could be affected depends on whether the DHS records were “segmented”, or walled off, from other federal agencies’ files inside USIS.

“The big question is what degree of segmentation was already in place so that other agencies weren’t equally compromised,” said Dakin, chief executive of Coalfire, a major IT audit and compliance firm.

Users question Facebook Messenger app

By Marjorie Sturgeon. CREATED 11:15 AM
OMAHA, Neb. (KMTV) – Facebook’s recent move to get mobile users to download its Messenger app is getting a lot of criticism.

Those who use Facebook on their mobile devices must now download the app to see messages from other users.

Facebook says Messenger, which works just like texting, will be faster and new messages will appear instantly.

Complaints left in the iTunes App Store range from privacy concerns to usability and being forced to make the change.

To avoid having to download the app, users can go to the mobile version through a web browser.

8 Penetration Testing Apps For Android Devices!

Perform pen tests while you’re on the move with these apps on your Android device!

Monday, January 13, 2014: The PC market is declining day by day as the smartphone and tablet market rises. When they say that smartphones and tablets can do almost everything that PCs can, they aren’t all that wrong. A very good example of that is the penetration testing capabilities that these devices hold. Here is a list of apps that you can use on your Android-based device in order to pen test a network.

1. dSploit: This is a penetration testing suite for Android networks. It has all-in-one network analysis capacities and is available for free. The app is easy to use and quite fast. It runs on Android 2.3 Gingerbread or higher.

2. Network Spoofer: This app can be used in order to change websites on other people’s computers from your Android-based smartphones. Although this is not exactly a penetration testing tool, it can still show you how easy or difficult it is to hack a particular network.

3. Network Discovery: This is a free app for Android-based devices and doesn’t need the user’s phone to be rooted. It has a simple user interface and is quite easy to use. The app helps you to gather information on the network that you are connected to.

4. Shark for Root: This is a traffic sniffer that is meant for your Android device. It works pretty easily on both WiFi and 3G networks. The app comes with Shark Reader that can be used to view the dump on your smartphone. In addition, there is Wireshark, which allows you to open the dump on your system.

5. Penetrate Pro: This is an Android app that can be used for WiFi decoding functions. The newest version of this app has also added a number of nice features. You can also use the app to calculate WPA/WEP keys for wireless routers. Many antivirus apps flag Penetrate Pro as a virus. The app, though, doesn’t harm your device.

6. DroidSheep [Root]: This is a session hijacking tool that can be used on Android devices. This penetration testing tool can be used for security analysis in wireless networks. The DroidSheep app can be used in order to hijack most web accounts.

7. DroidSheep Guard: This app has also been developed by the developers of DroidSheep and does not need a device to be rooted. You can use the app to monitor ARP tables of Android-based devices and ARP-spoofing attacks on networks being performed by DroidSheep, FaceNiff and other apps of the kind.

8. WPScan: This is a WordPress vulnerability scanner. The app can be used in order to scan a website created on WordPress and find the security vulnerabilities that it has. The desktop version of the app, though, is more powerful than the Android version.