Tag Archive for data theft

Data Breach Hits Internet Archive Users

Updated—10/21/2024—The Verge reports that the Internet Archive is still compromised.  Even though the site is back online in read-only mode, the attackers appear to control the IA help desk.  According to the reports, the attackers hold a Zendesk token and can intercept support tickets.

Updated – 10/16/2024 – TechRadar reports that the attack used two vectors: TCP reset floods and HTTPS application-layer attacks.  A TCP reset flood sends a victim vast numbers of Transmission Control Protocol (TCP) reset (RST) packets, which trick its machines into tearing down their connections with other hosts on the network.  An HTTPS application-layer attack aims to overwhelm servers by targeting the application layer itself, disrupting normal traffic and rendering regular services unavailable.
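Both vectors described above show up in flow logs as a burst from one source: many RST packets per second in one case, many HTTPS requests per second in the other.  The detector below is an added example of my own, not code from the Internet Archive, TechRadar or any vendor; the log format and the sample records are constructed for the example, and the thresholds are deliberately low so the sample trips them.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed flow records, one event per line: "<ISO timestamp> <source IP> <proto> <event>".
# These are invented for the example; they are not Internet Archive traffic.
SAMPLE_LOG = "\n".join(
    ["2024-10-09T10:00:00 198.51.100.7 TCP RST"] * 8          # RST burst from one host
    + ["2024-10-09T10:00:00 203.0.113.9 HTTPS GET"] * 7       # request burst from another host
    + ["2024-10-09T10:00:00 192.0.2.4 TCP RST"] * 2           # ordinary connection teardown
    + ["2024-10-09T10:00:00 192.0.2.4 HTTPS GET",
       "2024-10-09T10:00:01 198.51.100.7 TCP SYN",            # not an RST, ignored below
       "garbage line that does not parse"]                     # exercises the parser's skip path
)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<proto>TCP|HTTPS) (?P<event>\S+)$")


def parse_events(log_text):
    """Return (timestamp, src, proto, event) tuples; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["proto"], m["event"]))
    return events


def flag_floods(events, rst_per_second=5, requests_per_second=5):
    """Return {src: {kind, ...}} for sources whose per-second counts exceed the thresholds.

    kind is "rst_flood" for TCP reset bursts and "app_layer_flood" for HTTPS request bursts.
    Counting per whole second is the simplest window; tune the thresholds for a real link.
    """
    per_second = Counter()
    for ts, src, proto, event in events:
        if proto == "TCP" and event == "RST":
            kind = "rst_flood"
        elif proto == "HTTPS" and event == "GET":
            kind = "app_layer_flood"
        else:
            continue
        per_second[(src, kind, ts.replace(microsecond=0))] += 1

    alerts = defaultdict(set)
    for (src, kind, _second), count in per_second.items():
        limit = rst_per_second if kind == "rst_flood" else requests_per_second
        if count > limit:
            alerts[src].add(kind)
    return dict(alerts)


if __name__ == "__main__":
    for src, kinds in sorted(flag_floods(parse_events(SAMPLE_LOG)).items()):
        print(src, ", ".join(sorted(kinds)))
```

On the constructed sample the two bursting hosts are reported and the host doing normal teardowns is not; raising both thresholds to 10 reports nothing.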

The non-profit Internet Archive has been offline since Tuesday (10/09/2024).  Founded in 1996, the Internet Archive digital library provides “universal access to all knowledge.” Through the Wayback Machine, it preserves billions of webpages, texts, audio recordings, videos, and software applications.

Internet Archive founder Brewster Kahle posted on X (formerly Twitter) that the site was under a DDoS attack.


Later on Tuesday, the attack evolved.  The site started displaying a hacker pop-up notification.  After closing the message, the site loaded typically but very slowly.  The pop-up said:


“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?  It just happened.  See 31 million of you on HIBP!”

HIBP refers to Have I Been Pwned?, a website where people can check to see if their information has leaked from cyber attacks.

Finally, the pop-up was gone, along with the rest of the site, leaving only a placeholder message saying:

“Internet Archive services are temporarily offline.”

Stolen Internet Archive data

On September 28, 2024, attackers stole the site’s user authentication database with 31 million unique records.  Bleeping Computer confirmed that Have I Been Pwned had received an “ia_users.sql” database file containing authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Who is responsible

The hacktivist group SN_BlackMeta, which emerged in November 2023, claimed responsibility for the DDoS attack.  Cybersecurity firm Radware connected SN_BlackMeta to a pro-Palestinian hacktivist movement that utilizes DDoS-for-hire services like InfraShutdown.  SN_BlackMeta has launched other cyberattacks, including a record-breaking DDoS attack against a Middle Eastern financial institution.

It’s unclear if they are involved in the Internet Archive data breach.  The group said that it carried out the DDoS attack because the United States supports Israel and that the Internet Archive “belongs to the USA.”

Many social media users quickly pointed out that the Internet Archive is an independent non-profit organization not affiliated with the U.S. government.

Internet Archive Back online – sorta

As of 10/14/2024, the site is back in a limited, read-only mode.



Finally, what do you need to do if you have an account at the Internet Archive?

A compromised password is always a concern in any breach.  In this case, though, the passwords were salted and hashed, which makes them difficult to recover by brute force.  Still, once the Internet Archive returns, you should change your password to be safe.


Ralph Bach has been in I.T. for a while and has blogged from the Bach Seat about I.T., careers, and anything else that has caught my attention since 2005.  You can follow me on Facebook or Mastodon.  Email the Bach Seat here.

Protecting Your Email: How to Stay Safe

Now is a good time to take steps to protect your email address.  The recent RockYou2024 data leak released 10 billion passwords, which are the other half of your email credentials.  Your email address can provide the bad guys with enough information to cause significant harm to your credit score, bank account, or career.

Is it Safe to Give Out Your Email Address?

While keeping your email address completely secret is nearly impossible, you must be cautious about who you share it with.  Only share your email address with trusted friends and business partners.  Create an email alias for general everyday browsing and shopping; it will reduce junk mail and phishing risks.  You can create an email alias at:

What can they do with your Email address?

Our email inboxes contain a treasure trove of personal information that the bad guys can exploit.  With your email address, hackers can execute phishing attacks to obtain your login credentials, financial information, and contacts.  Here are some ways the bad guys can exploit your email address.

  1. Spoof Your Email Address: Hackers can spoof your email address to deceive others.  They create counterfeit sender addresses resembling yours to send fraudulent messages.
  2. Find Personal Information: A simple online search using your email address can reveal personal details like your name, friends, and workplace.
  3. Send Emails to Your Contacts: If hackers gain access to your email account, they can use it to send fraudulent emails to everyone in your contact list.
  4. Access Your Online Accounts: Logging into your email account allows hackers to access other online accounts linked to that email address.
  5. Steal Financial Information: Once hackers access your email, they can use phishing tactics to obtain your financial information.
  6. Blackmail You: Hackers can obtain your email address and password to access personal and potentially embarrassing information.
  7. Steal Your Identity: Hackers could potentially steal your identity if they access your email account and obtain personal documents like bank statements or tax records.

Steps to Stay Safe from Hackers

To protect your email address, minimize sharing it and consider the following:

  • Create separate accounts for different purposes.  At the very least, use individual email addresses for work and home.
  • Use strong, unique passwords.  A strong password is a long combination of letters, numbers, and symbols that is not easily guessed; a unique one is not reused across accounts.
  • Use a password manager.  It can store passwords with strong encryption, protect them with two-factor authentication, and lock itself automatically after inactivity.
  • Enable two-factor authentication for enhanced security.  Two-factor authentication is a security method requiring more than one credential to verify your identity.

If you have been hacked

Change your passwords immediately if you suspect unauthorized access to your email account.  Next, inform your contacts and monitor for signs of identity theft.  Another step is to freeze your credit at the credit bureaus.  When you place a security freeze, creditors cannot access your credit report.  This will keep them from approving any new credit account in your name, whether fraudulent or legitimate.  The big three credit bureaus are:

Last but not least, make sure your devices are protected against malware.


How Secure are Your Printers?

Printers are under the security microscope again. Printers are IoT devices that sit on the network and never get updated. I have covered some of the problems that printers cause a number of times on the Bach Seat. And now more vulnerabilities have been identified by UK-based security consultancy NCC Group in six popular enterprise printers.

Vulnerabilities in printers

The research team was made up of Daniel Romero, managing security consultant and research lead, and Mario Rivas, security consultant at NCC Group. They identified several classes of vulnerabilities in printers, including:

  • Denial of service attacks that could crash printers.
  • The ability to add back-doors into printers to maintain attacker persistence on a network.
  • The ability to spy on every print job sent to vulnerable printers.
  • The ability to forward print jobs to an external internet-based attacker.

Matt Lewis, research director at NCC Group, told ComputerWeekly:

Because printers have been around for decades, they’re not typically regarded as enterprise IoT [internet of things devices], yet they are embedded devices that connect to sensitive corporate networks and therefore demonstrate the potential risks and security vulnerability posed by enterprise IoT.

Who to blame

There is plenty of blame to share for most of these latest vulnerabilities. Mr. Lewis says the manufacturers are causing these problems by neglecting to build security into their products.

Building security into the development life-cycle would mitigate most, if not all, of these vulnerabilities and so it’s therefore important that manufacturers continue to invest in and improve cybersecurity, including secure development training and carrying out thorough security assessments of all devices.

End users also share some of the blame, according to NCC Group:

Corporate IT teams can also make small changes to safeguard their organization from IoT-related vulnerabilities, such as changing default settings, developing and enforcing secure printer configuration guides, and regularly updating firmware.

Impacted printer models

The printers tested by the researchers were from HP, Ricoh, Xerox, Brother, Lexmark, and Kyocera.

NCC Group found vulnerabilities in HP (HPQ) printers. The Color LaserJet Pro MFP M281fdw printers have buffer overflows, cross-site scripting (XSS) vulnerabilities, and a bypass of their cross-site request forgery countermeasures.

HP has posted firmware updates to address potential vulnerabilities to some of its Color LaserJet series. “HP encourages customers to keep their systems updated to protect against vulnerabilities,” the company said in a statement.

The vulnerabilities NCC Group found in Lexmark CX310DN printers include a denial of service vulnerability, information disclosure vulnerabilities, lack of cross-site request forgery countermeasures, and lack of account lockout.

NCC Group found vulnerabilities in Kyocera (KYO) Ecosys M5526cdw printers. The security holes include buffer overflows, broken access controls, cross-site scripting vulnerabilities, and lack of cross-site request forgery countermeasures.

NCC Group identified stack buffer overflows, heap overflows and information disclosure vulnerabilities in Brother (6448) HL-L8360CDW printers.

The vulnerabilities reported in Ricoh (RICOY) SP C250DN printers include buffer overflows, lack of account lockout, information disclosure vulnerabilities, denial of service vulnerabilities, lack of cross-site request forgery countermeasures, and hard-coded credentials.

NCC Group claims the Xerox (XRX) Phaser 3320 printer vulnerabilities include buffer overflows, cross-site scripting vulnerabilities, lack of cross-site request forgery countermeasures, and lack of account lockout.

All of the vulnerabilities discovered during this research have either been patched or are in the process of being patched by the relevant manufacturers. NCC Group recommends that system administrators update any affected printers to the latest firmware available, and monitor for any further updates.
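Two of the findings repeat across the Lexmark, Kyocera, Ricoh and Xerox models above: no account lockout on the admin login, and no cross-site request forgery countermeasures on the admin web UI.  The model below is an added example of my own, not NCC Group's research code nor any vendor's firmware, of what those two controls look like in an embedded admin portal: consecutive login failures lock the account for a period, and every state-changing POST must carry a per-session token that a cross-site page cannot read.  The usernames, passwords, setting names and limits are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILED_LOGINS = 5     # lock the account after this many consecutive failures
LOCKOUT_SECONDS = 300     # how long it stays locked


def _digest(password):
    # Plain SHA-256 keeps the example short; a real device should use a salted slow hash.
    return hashlib.sha256(password.encode("utf-8")).digest()


class AdminPortal:
    """Toy model of a device's embedded admin web UI (constructed; not any vendor's code)."""

    def __init__(self, users, clock=time.time):
        self._users = {name: _digest(pw) for name, pw in users.items()}
        self._clock = clock               # injectable so lockout expiry can be tested
        self._failures = {}               # username -> [consecutive failures, locked_until]
        self._sessions = {}               # session id (cookie value) -> {"user", "csrf"}
        self.settings = {"snmp_community": "public"}   # a default worth changing

    def is_locked(self, username):
        _, locked_until = self._failures.get(username, [0, 0.0])
        return self._clock() < locked_until

    def login(self, username, password):
        """Return (session_id, csrf_token) on success; None on failure or while locked."""
        now = self._clock()
        failures, locked_until = self._failures.get(username, [0, 0.0])
        if now < locked_until:
            return None                   # locked: the password is not even checked
        stored = self._users.get(username, b"\x00" * 32)   # unknown user costs the same work
        if username in self._users and hmac.compare_digest(stored, _digest(password)):
            self._failures.pop(username, None)
            sid, csrf = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
            self._sessions[sid] = {"user": username, "csrf": csrf}
            return sid, csrf
        failures += 1
        if failures >= MAX_FAILED_LOGINS:
            self._failures[username] = [0, now + LOCKOUT_SECONDS]
        else:
            self._failures[username] = [failures, locked_until]
        return None

    def post_settings(self, session_cookie, form):
        """Handle a settings change; returns an HTTP-style status code."""
        session = self._sessions.get(session_cookie)
        if session is None:
            return 401
        token = form.get("csrf_token", "")
        if not hmac.compare_digest(session["csrf"], token):
            return 403                    # cookie sent by the browser, token missing or wrong
        for key, value in form.items():
            if key != "csrf_token" and key in self.settings:
                self.settings[key] = value
        return 200


if __name__ == "__main__":
    portal = AdminPortal({"admin": "hunter2"})
    sid, csrf = portal.login("admin", "hunter2")
    print("without token:", portal.post_settings(sid, {"snmp_community": "private"}))
    print("with token:   ", portal.post_settings(sid, {"csrf_token": csrf, "snmp_community": "private"}))
```

The browser attaches the session cookie to a forged cross-site form post automatically, which is exactly why the cookie alone cannot authorize a change; the token lives in the page, which a third-party site cannot read.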
