Law Firm Goodwin Procter Hacked
Goodwin Procter managing parnter Mark Bettencourt confirmed that some of their clients’ data was compromised. But not to worry; it only affected a small percentage of their clients. One more time, we have a “supply chain attack”. While the vendor was unnamed, I suspect it was Accellion. They suffered a breach that is all over the news due to the high profile targets that suffered a loss. So now a very high profile law firm has to explain to its clients why its security was not good enough to protect their most sensitive data. If you are a client of a law firm, how confident are you that they can protect your data? Credit: ABA Journal
What Does This Mean for Cities?
Salesforce is joining other big tech companies in changing the work-life equation. This week they announced that most staff, after Covid, will only be in the office 1-3 days a week, many workers will never return to the office and a few workers will be in the office 4-5 days a week. This means that work from home security is now permanent, but it also questions the implications for downtown big cities. Salesforce has 9,000 workers in San Francisco. If half of them never come to the office and another 30% come to the office 1-2 days a week, what does this mean for downtown retail and office space? Credit: MSN
State Department Declassifies Report on Cuba’s Sonic Weapon
You may remember reports of Cuba having a secret sonic weapon back in 2017-2018. A newly declassified report by the State Department’s own Accountability Review Board lambasted the department’s response to the attack as lacking leadership, having ineffective communication and being systemically disorganized. There are 104 pages of detail, but none of them paint the previous administration favorably. As a result of the botched investigation we will probably never understand what the weapon was that Cuba attacked us with. Credit: Vice
Ex-Students Plead Guilty to Stealing and Trading Nude Pics and Vids
Two former SUNY Plattsburgh (NY) students pleaded guilty to hacking coeds’ MyPlattsurgh portal accounts and stealing nude pictures and videos. The portal contains full access to the students’ email, cloud storage, college billing, financial aid, coursework, grades and other personal information. They either guessed passwords or guessed security question answers. When the found nude photos and videos, they traded them with others, in some cases identifying the students by name. They even posted some photos online. Credit: The Register
IRS Warns Tax Pros of Identity Thieves Targeting Them
The IRS is warning tax professionals hackers are trying to steal their electronic tax filing credentials so that they can file fake returns and those returns will be tied to those same tax pros. If you are a tax pro and need help, please contact us. Credit: Bleeping Computer
Are You the Victim of Covid Fraud?
As if Covid wasn’t bad enough, there are widespread stories of people getting tax forms for their Covid unemployment benefits -benefits they never applied for and never received, but which are considered taxable income. In California alone, crooks stole at least $11 billion in unemployment benefits by stealing people’s identities and getting the benefits deposited in accounts they control. But the victims will get the tax forms and have to deal with convincing their state and the IRS that they did not get those thousands in income. Credit: Brian Krebs
Paper – Now That’s Secure
Now that the Department of Justice has admitted that (likely) Russia hacked their confidential court filings, exposing search warrants, terrorism investigations and other stuff that should have remained sealed, they have a simple solution. Last week the federal court system issued an order that says that highly sensitive documents (likely those that the court would seal) must be filed on paper and any order or rule of any federal court or judge to the contrary is null and void. Problem solved. Credit: The Register
Billions of Emails/Passwords for Free
Someone has posted a file with 3.2 unique emails and passwords in clear text on a popular hacking forum. This data is a combination of many breaches but is a great input for password stuffing attacks since people love to reuse passwords. For users, this is one more reason to use two factor authentication. Credit: Cybernews
Voting Machine Vendor Smartmatic Sues Fox for $2.7 Bil
Voting machine vendor Smartmatic is suing the Fox network, its hosts individually and Trump lawyers Sidney Powell and Rudy Giuliani for $2.4 billion after these folks made unsubstantiated claims that Smartmatic’s software changed millions of votes from Trump to Biden. Smartmatic says that this is not about the money; they want vindication, so this could get more than a bit nasty. Credit: The Register
T-Mobile is Being Very Aggressive in Deploying 5G
T-Mobile plans to spend $40 billion in the next 3-4 years upgrading its network to 5G and faster 4G. Some of that will be recovered by decommissioning Sprint’s old network. But speed is the issue. Their “low band” 5G is slightly faster than 4G. Their “mid band” might give a couple hundred megabits per second which is quite respectable for cell phones and its “high band” will give you gigabit. But their president of technology says this will take decades to blanket the entire country. For the moment, they appear to be ahead of AT&T and Verizon. Credit: SDX Central
Here in Colorado we are hearing stories that are likely being played out elsewhere.
A server went to file for unemployment benefits after being laid off and discovered that someone else was claiming benefits in their name.
This is a rotate on the old tax refund scam where someone claims a tax refund that is due to you.
In this case the crook obtains some personal information like name, birth date and social and filed for benefits IN A DIFFERENT STATE.
Historically, this has not been a problem for state unemployment departments but right now, with unemployment claims up by a factor of 10x and nationally by new claims are up by 20x, departments are probably doing a lot less due diligence than they need to be doing.
What is apparent is, like we saw a few years ago with tax refunds, the government was not and is not prepared to deal with fraud in unemployment claims. Hackers are always the leading edge.
Given that some of the systems that the states are using are 20, 30 and even 40 years old, it is highly unlikely that the states will create a systemic fix any time soon.
This person is apparently out of luck because they don’t know what state the claim was made in. I am guessing the states will need to be on the wrong end of a lawsuit in order for them to change this nationwide.
Even just trying to reach the state unemployment departments on the phone is more than a challenge.
For people who lost their job to be a victim of identity theft and have their safety net ripped out from under them – that is a huge problem with no quick fix.
The FTC recently did an experiment to see how quickly thieves used stolen data after it was posted on the dark web.
They created 100 fictitious consumers and gave them credit cards or bitcoin wallets. Each fictitious consumer had a name, email and passwords as well.
They posted the data twice – first on April 27th and then again on May 4th.
There are two kinds of thieves, the FTC says. Ones who run test transactions to see if the card still works and others who just make big purchases right off the bat.
After the data was published on May 4th, it took thieves NINE MINUTES to start using the data. On April 27th, it took a little longer – NINETY MINUTES.
In either case, it says that it doesn’t take very long.
In total there were over 1,200 attempts to use the bogus accounts. In addition, there were close to 500 attempts to access the bogus emails. The attempted transactions were for more than $12,000.
One note that the FTC did make – none of the accounts that had two factor authentication enabled were accessed. Almost everyone offers two factor authentication these days. We recommend that you use two factor authentication whenever it is available.
Information for this post came from CNN.