10/15/18: Dtex, Privacy, Insider Threat News: Are Insiders Helping Threat Actors Sell 35 Million Voter Records on the Dark Web? DHS Vulnerable to Insider Attacks
Threat intelligence provider Anomali opened the week in privacy and security news by announcing that it had discovered as many as 35 million voter records for sale on the dark web. The voter information found came from 19 states and contains PII and voting histories.
Doug Olenick from SC Magazine reported on the findings. According to Doug:
The malicious actors selling these databases include with their base price weekly voter registration updates for the buyer that they claim from contacts within the state governments. This indicated the threat actors either had persistent access to the database electronically or were obtaining the information from a human source.
There are different ways that the threat actors may be accessing the data, including obtaining it via publicly available records, databases and insiders, a vector which came as no surprise to our CEO, Christy Wyatt. She told SC:
Threat actors frequently recruit and fool insiders into helping them to pull off data theft and abuse schemes. This research seems to indicate that insiders either knowingly or unwittingly helped the nefarious party to obtain voter information.
Texas-Sized BEC Scam
As if public school districts didn't already have enough to worry about. Today, SC Magazine reported that the Henderson school district was hit by a business email compromise (BEC) scam that led to a $600,000 loss. According to SC:
What has been made public is that on September 26 the district issued an electronic payment of $609,615.24 to RPR Construction Company Inc., which is overseeing work done on several district facilities, according to The Henderson News. On October 1 school officials discovered the payment did not go to RPR, but into a fraudulent account and that the district was tricked into doing so through a BEC attack.
A sophisticated scam targeting businesses working with foreign suppliers and companies that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
BEC scams are likely one of the most common ways that attackers take advantage of negligent and vulnerable insiders. The Bureau says BEC scams cost organizations more than $12 billion in losses between 2013 and 2018.
Meanwhile, in Washington ...
At Nextgov, Joseph Marks reported that insider threats are alive and well in federal agencies. In DHS Research Wing Remains Vulnerable to Insider Threats, Marks wrote:
Employees, contractors and private sector partners of the Homeland Security Department’s science and technology wing could use their insider knowledge to undermine mission-critical systems and operations, according to a recent auditor’s report. The audit, released Oct. 1, is based on a six-month investigation by Homeland Security’s inspector general’s office, which concluded in June 2017.
Due to the classified nature of the audit, only a single-page exec summary is available to the public. It can be accessed here: (U) S&T Has Taken Steps to Address Insider Threats, But Management Challenges Remain
Nextgov had another scoop on federal insider threats last week too. This time, Jack Corrigan reported on survey findings put out by One Identity revealing that federal tech workers believe it would be easy to steal data. According to Corrigan:
More than 80 percent of federal tech workers said it would be “easy” to steal data from their agencies, and 39 percent said they’d potentially make off with sensitive information if they were angry enough at their employer, according to a report published Tuesday by One Identity. Only 16 percent of feds told researchers they wouldn’t be able to get their hands on critical data.
Music Really Does Touch Everyone, Everyone's Data at Least
Forbes' Thomas Brewster capped off last week's security news with a little ditty about how amateur hip-hop crew FreeBandz Gang gained access to TransUnion's TLO, a database that holds and processes personal information about everyone. According to Brewster, the rap crew used its access to TLO to engage in identity theft crimes that caused about $1.2 million in damages.
TLO is a TransUnion offering that is supposed to be used for legitimate business purposes, such as fraud mitigation, skip tracing, collections and asset recovery. It holds and processes information on the United States' entire population. Data stored includes personally identifiable information ranging from Social Security numbers to license plates to names and dates of birth. According to the cops, it was like having access to the "Holy Grail" of "internet-age scam" tools.
While all of the avenues FreeBandz used to access the service are not completely clear, at least one involved an insider. According to Brewster:
At least at times, the rap crew bought their way in with the help of another charged coconspirator, Lakesiah Norman. Norman had direct access to TLO through her part-time work at an unnamed Charlotte debt collection agency between May and October 2017. That’s according to a court document supporting her plea agreement, signed in May 2018.
Read the full story: How An Amateur Rap Crew Stole Surveillance Tech That Tracks Almost Every American