
Security News for the Week Ending October 30, 2020

Louisiana National Guard Called in to Help Local Election Officials

According to tips, the state of Louisiana had to call out the National Guard after some number of small government offices across the state were hit by ransomware. Experts say the tools have the hallmarks of the North Koreans, so all of the major attackers – Russia, China, Iran and now North Korea – are trying to compromise our elections. This problem is not going away. Credit: Business Insider

Attacks on Cryptocurrency Continue

A hacker stole $24 million from cryptocurrency service Harvest Finance, a company that allows users to arbitrage cryptocurrencies. The company was hit by a $570 million “bank run” after the attack. They claim they know who the attacker is. One more time, software has bugs and can be exploited. Who would have thunk? Credit: Coindesk

Ransomware Disables GA. County Election Database

This is both good news and bad news. Hall County, GA was hit by a ransomware attack earlier this month. The attack disabled the voter database, along with other systems like phones. The county claims that they will still be able to run the election because they can manually verify signatures from voter registration cards. They are also using a state database that was not affected. This points out that attacking some small county in a state is probably not the best way to change the outcome of an election. Credit: Gainesville Times

Trump Website Briefly Defaced

One of the campaign’s websites was briefly defaced Tuesday night and the site was replaced by a message similar in style to the messages put on a website that the government seizes. The message looked like this:

[Image of the defacement message]

Of course the site had not been seized and it was returned to its normal state after a little while. To be honest, I am surprised that more has not occurred given the other events going on in the country. This seems pretty childish, but we don’t know if the warning on the site is true; stay tuned.

Regarding the hack, CISA Director Chris Krebs said on Twitter, “Like I said yesterday, website defacements are noise. Don’t fall for these attempts designed to distract, sensationalize, and confuse. Ultimately they’re trying to undermine your confidence in our voting process.” Credit: Variety

Wisconsin Repubs Say Hackers Duped Them Out of $2 Million+

The Wisconsin Republican Party says that hackers scammed them out of more than $2 million of donors’ money using very traditional business email compromise attacks: fake invoices that appeared to come from real vendors, with the payments going to the hackers’ bank accounts. The Wisconsin Dems say that they have been targeted by over 800 attacks, but so far, none (that they know of) have been successful. Credit: AP

Why An Insider Threat Detection Program is Critical

Adams County, Wisconsin is now facing a crisis of confidence and likely some lawsuits as well.

Why?

On March 28, 2018, the county says, it uncovered “questionable activity” on county computer systems.

Three months later, in late June, their investigation was complete.

The result: 258,120 people had their data illegally accessed.

Data included protected health information and tax information.

How did this happen?  Someone installed illicit software on some workstations (key logger software) to capture userids and passwords.  The key logging software was disabled when it was discovered in March.

They say that there is no indication that the information was used for identity theft.  At this point they are not offering people credit monitoring.  Since there is no indication of a problem, they are telling people that they should, using their own time and effort, register a fraud alert at the credit bureaus.

So who perpetrated this dastardly deed?

According to search warrants filed earlier this month, they are investigating the computer of Adams County Clerk Cindy Phillippi.

Well, you say, the filing of a search warrant does not mean it is true.

Sure enough – accurate.

But apparently the county is convinced enough that the personnel director has asked the Adams County Board to hear charges against Phillippi and requested that she be removed from her elected office.

Apparently, she allegedly installed key logger software on nearly all of the county’s computers because she wanted to investigate a county department head that she believed was using his county computer to access pornography.  Clearly she was not a computer expert.

Maybe in Wisconsin the county clerk is considered a law enforcement investigator.  Unusual, but who knows?

Now the county is going to spend tens of thousands of dollars reporting the breach to those affected, state and federal regulators, Health and Human Services and others.

The worst part – the software was installed on or around January 1, 2013 – MORE THAN FIVE YEARS AGO.

Way to go Wisconsin!

So what does this mean to you and me?

First, if you are a resident or employee of Adams County Wisconsin, it means that a nosy clerk probably accessed your data.

But, since most of us do not live in Adams County, that is likely not a concern for most of us.

This is a perfect example of an insider threat.  A person, in a position of trust, used that trust to do something (all right, allegedly, but I think she basically copped to it) that will cost her her job, could land her in prison, will likely subject the county to lawsuits, will cost the county tens of thousands of dollars and cause 250,000 people some consternation.

An insider threat program should detect this kind of activity.  Unless she was using stolen credentials, it should detect that she (or someone) installed software without authorization, was connecting to computers that she (or someone) should not have, was collecting large quantities of data, and was engaged in other unusual activities.
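The three signals named above (unauthorized software installs, connections to computers outside a user's role, and unusually large data access) can be written as rules over endpoint and access events, with users who trip more than one signal escalated for review. This is an added example, not part of the original post; the event fields, account names, host names, software names and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real logs); field names are assumptions.
EVENTS = [
    {"type": "install", "user": "itadmin", "host": "WS-01", "software": "OfficeSuite"},
    {"type": "install", "user": "clerk1", "host": "WS-14", "software": "KeyCapture"},
    {"type": "logon", "user": "clerk1", "host": "WS-01"},
    {"type": "logon", "user": "clerk1", "host": "HEALTH-03"},
    {"type": "read", "user": "clerk1", "host": "HEALTH-03", "records": 300},
    {"type": "read", "user": "clerk1", "host": "HEALTH-03", "records": 450},
    {"type": "read", "user": "nurse2", "host": "HEALTH-03", "records": 40},
    {"type": "logon", "user": "nurse2", "host": "WS-01"},
]

APPROVED_SOFTWARE = {"OfficeSuite", "PDFReader"}   # hypothetical allowlist
INSTALLERS = {"itadmin"}                           # accounts allowed to install
ASSIGNED_HOSTS = {"clerk1": {"WS-01"}, "nurse2": {"HEALTH-03"}}
DAILY_RECORD_LIMIT = 500                           # hypothetical per-user baseline

def detect(events):
    """Return (signal, user, detail) alerts for one day of events."""
    alerts = []
    records_read = defaultdict(int)
    for e in events:
        user, host = e["user"], e["host"]
        if e["type"] == "install":
            # Flag installs by non-IT accounts or of software off the allowlist.
            if user not in INSTALLERS or e["software"] not in APPROVED_SOFTWARE:
                alerts.append(("unauthorized_install", user, host))
        elif e["type"] == "logon":
            # Flag logons to machines the user has no business reason to touch.
            if host not in ASSIGNED_HOSTS.get(user, set()):
                alerts.append(("unexpected_host", user, host))
        elif e["type"] == "read":
            records_read[user] += e["records"]
    # Volume is judged on the daily total, not on any single read.
    for user, total in sorted(records_read.items()):
        if total > DAILY_RECORD_LIMIT:
            alerts.append(("bulk_access", user, total))
    return alerts

def escalate(alerts, min_signals=2):
    """Users who tripped at least min_signals distinct signal types."""
    signals = defaultdict(set)
    for signal, user, _ in alerts:
        signals[user].add(signal)
    return sorted(u for u, s in signals.items() if len(s) >= min_signals)

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
    print("escalate:", escalate(detect(EVENTS)))
```
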

It is also not clear why it took over five years to detect this problem.

This small county (population 20,148) is going to have a potentially large budget issue – assuming they don’t have insurance and most do not – because of not dealing with the insider threat.

Source: Data Breach Today