Hollywood hospital hit with ransomware: Hackers demand $3.6 million as ransom

An internal emergency has been declared at a major US hospital in Los Angeles following a widespread ransomware-style cyberattack which has left staff unable to access vital patient data, it has been revealed.

@Copyright Hackingstuffs

The Hollywood Presbyterian Medical Centre, located in the heart of LA, is now dealing with hackers who are reportedly demanding over 9000 bitcoins – which equates to roughly $3.6m – to release the encryption keys to computer systems that hold patient data, X-Ray scans, CT scans and crucial lab work.
Why advertise with us

According to NBC Los Angeles, hospital president and chief executive Allen Stefanek said that staff first started to notice “significant IT issues” on 12 February, however reports indicate that the attack may have started over a week ago. Now, forensic computer experts from the Los Angeles Police Department (LAPD) and the FBI have been called in to investigate further.

An unnamed doctor has admitted that the hospital’s computer system was hacked and is currently being held for ransom, adding that departments are now communicating through fax machines because they have no access to email. Furthermore, a number of patients have been transferred to other hospitals.

Meanwhile, a separate report by Fox (Los Angeles) reaffirmed that the cyberattack has directly affected the ‘day-to-day’ operations of the hospital.

What is Ransomware attack?

Ransomware is a type of malware which restrict access to the infected computers. And ask users to pay money to get access back to the system. Some type of Ransomware will encrypt the system hard drive in a way that you need to pay to decrypt it. While some may simply lock the system and display messages intended to coax the user into paying. This type of attack got popular from 2013.

UK arrests teen suspected of hacking CIA chief

British authorities, with help from the FBI, have arrested a teenager who infiltrated the personal email account of the director of the CIA and posting personal details online.

The 16-year-old boy was arrested in the East Midlands on Tuesday Feb 09 as part of an investigation in to the data breach of John Brennan’s emails last year.

For the past several months, a group calling itself “Crackas With Attitude” has been disclosing private information associated with such high-ranking officials as CIA Director John Brennan, Director of National Intelligence James Clapper, Homeland Security Secretary Jeh Johnson.

Information about rank-and-file employees working for the FBI, Justice Department and the Department of Homeland Security were posted online this week, though sources described the pilfered information as amounting to an internal phone directory.

Authorities suspect so-called “social engineering” may have helped those responsible gain access to the federal systems, according to one U.S. official.

But a spokesman for the South East Regional Organized Crime Unit would neither confirm nor deny what he called “speculation” linking the arrest to the hacks targeting U.S. officials.

Social engineering essentially involves a hacker gaining access to a system by sending an email to someone and pretending to be a known or trusted associate of the recipient.

“There is no indication at this time that there is any breach of sensitive or personally identifiable information,” DHS said in a statement earlier this week.

But officials expressed concern that more sensitive information was accessed and could be released.

In October, a personal AOL email account associated with CIA Director Brennan, and containing personally identifiable information, was hacked, as was an account linked to DHS Secretary Johnson.

Sources said it did not appear Brennan used the account for government business after he became CIA director. Johnson’s targeted account also was not used regularly, sources said at the time.

U.S. authorities began to identify what they thought was a group of suspects at least two months ago, ultimately narrowing in on the 16-year-old in England, the sources said.

NYPD Union website allegedly hacked by Anonymous

A cyberattack which shut down a website for the NYPD captains union, targeting it with malware, union officials said.

NYPD Union Website Attacked By Anonymous

Anonymous Hackers Group, which supported the Occupy Wall Street movement recently started an online war with ISIS, Last friday corrupted the website of the Captain Endowment Association.

“There are indications the attack on our website was orchestrated by a group identifying themselves as “Anonymous” who have a history of targeting police websites across the country,” wrote the union’s president Roy Richter, in a letter to members.

This group hacked into California Statewide Law Enforcement Association’s website in 2012– and released it’s members’ addresses, as well as credit card information.

Richter wrote that the captain’s association does not store any personal information about union members on the website, so that no “confidential information has been compromised.”

The letter also noted that the association was adding new security protections to the website, and that the union considered the attack more an irritation than a threat.

Cosmetic surgery files hacked

Details of 500,000 people stolen and used in blackmail attempt

• Information submitted to Harley Medical Group accessed by hackers
• Security breach bid to blackmail high end cosmetic surgery firm
• ‘Russian hackers behind the breach’, it has been reported

Harley Medical Group

One of Britain’s best-known and biggest providers of private cosmetic surgery has been targeted by computer hackers, it was revealed last night.

Confidential personal details of nearly 500,000 people who made an enquiry about surgery via Harley Medical Group’s website were stolen in an apparent bid to blackmail the company.

Patients interested in surgery are asked to fill in an online form ahead of an appointment, with details including phone numbers, email address and date of birth.

That personal information was accessed and stolen in a security breach, the firm admitted in a letter to patients posted online.

The company carries out a range of cosmetic surgery from breast augmentations and reductions to facelifts and tummy tucks. It boasts to potential customers on its website: ‘Our No 1 goal is to look after you.’

But Peter Boddy, chairman of the company that is based in Thames Ditton, Surrey, and has 31 clinics nationwide, was forced to write to clients apologising for the security breach.

He reassured them that ‘clinical and financial information has not been compromised’.

Mr Boddy wrote: ‘We recently became aware that an unknown individual had deliberately bypassed our website security, gaining access to information from initial website enquiries in an attempt to extort money from the company.’

Later, Harley Medical Group posted on Twitter: ‘We’re sorry details of initial enquiries have been accessed illegally and assure clinical and financial information is secure.’

The company said that it had improved its security.

Last night The Sun reported that Russian hackers were responsible.

They claimed the crooks struck last month using a Russian email address to try and extort money from the firm and that stars of The Only Way is Essex, were among customers whose details were accessed.

No one from Harley Medical Group was last night available to comment.
Source : http://www.dailymail.co.uk

Top ‘good guy’ hackers to tackle biggest cyber challenges yet Read more: Top ‘good guy’ hackers to tackle biggest cyber challenges yet

According to Symantec, its upcoming Cyber Readiness Challenge will be the ultimate in cyber-defense readiness practice

Hackers – even the “good guy” breed – tend to be a shadowy bunch, keeping their identities as secret as they can. But on January 28, the identities of some of the best hackers in Israel will be unveiled, as they try to win an all-expense paid trip to the U.S., to see how security giant Symantec does cyber-defense.

The hackers, 50 of them, will be participating in the biggest-ever simulated “hack attack,” in the Israeli version of the Symantec Cyber Readiness Challenge – a worldwide and ongoing event in which “white hat hackers” (those who use their hacking powers to help, not hinder) will attempt to get to the bottom of a simulated “industrial espionage” attack against a large corporation.

By putting participants in the hacker’s shoes, said Symantec, it enables them to understand their targets, technology and thought processes so they can ultimately better protect their organization and themselves. Symantec, which makes anti-virus and security software, works in countries around the world, where it holds similar challenges, seeking out the best white-hat hackers, sometimes hiring them as well, the company said.

A hacker contest is like any other one, in that it has goals, rules, milestones, and points awarded. In the contest, hackers must conduct a cyber-investigation of an attack against a company’s site, figuring out who hacked them and how they did it, by counter-hacking shady Internet sites and servers. Points will be given for degree of success in hacking into the suspects’ servers, and for achieving 40 milestones (such as getting access to passwords, installing spyware, etc.). The winner of the contest will get an opportunity to talk to and work with top Symantec security personnel at the company’s headquarters in the U.S., all expenses paid.

The Challenge will take place at the annual ​Cybertech International Conference, sponsored by IsraelDefense, the Prime Minister’s National Cyber Bureau, and the Ministries of Foreign Affairs and the Economy. Speakers will include top figures and cyber-security professionals from Israel and the world, including Rick Kaplan, head of IBM Israel, Erek Kreiner of Israeli security company FiveC (he is also a former head of Israel’s National Information Security Authority), Dr. Orna Berry, head of EMC Israel, and David Chinn, cyber-security director of international consulting group McKinsey and Co., among others.

Sessions will include discussions on securing financial data, how to keep hackers from physically planting cyber-spy devices on equipment, disaster recovery, and privacy issues in the digital era – all issues that have been in the news recently, with the revelations on hackers stealing credit card information from large retail stores in the U.S., and the revelations on the gathering of information by the National Security Agency in the U.S.

Dozens of cyber-security start-ups will also be showing off their wares at the event, among them Seculert, which has been working on the recent hack attacks against Target and other retailers in the U.S., in which tens of thousands of customers had their credit card information stolen, and Covertix, which created a document technology that prevents unauthorized individuals from opening and reading files, alerting managers when a document’s security is compromised, automatically blocking usage if unauthorized use is suspected. Prime Minister Binyamin Netanyahu will open the event, speaking to participants about Israel’s cyber-defense policies and challenges.

But the highlight of the event promises to be the Symantec event, said Gili Netzer, VP of marketing at Symantec Israel. That’s because instead of talking about cyber-defense, the hackers will be practicing it. “The challenge is going to be very difficult, presenting participants with problems they have not come across yet,” said Netzer. “We intend to push them to their limit. In a world where hackers attack organizations, companies and whole countries at will, we need to be one step ahead of them, prepared to deal with attacks using the most advanced hacker techniques.”

Source : The Times Of Israel

FBI warns that Anonymous has hacked US government sites for a year

Activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week.

The hackers exploited a flaw in Adobe Systems Inc’s software to launch a rash of electronic break-ins that began last December, then left “back doors” to return to many of the machines as recently as last month, the Federal Bureau of Investigation said in a memo seen by Reuters.

FBI Warns Anonymous

The memo, distributed on Thursday, described the attacks as “a widespread problem that should be addressed.” It said the breach affected the U.S. Army, Department of Energy, Department of Health and Human Services, and perhaps many more agencies.

Investigators are still gathering information on the scope of the cyber campaign, which the authorities believe is continuing. The FBI document tells system administrators what to look for to determine if their systems are compromised.

An FBI spokeswoman declined to elaborate.

According to an internal email from Energy Secretary Ernest Moniz’ chief of staff, Kevin Knobloch, the stolen data included personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on almost 2,0000 bank accounts.

The email, dated October 11, said officials were “very concerned” that loss of the banking information could lead to thieving attempts.

Officials said the hacking was linked to the case of Lauri Love, a British resident indicted on October 28 for allegedly hacking into computers at the Department of Energy, Army, Department of Health and Human Services, the U.S. Sentencing Commission and elsewhere.

Investigators believe the attacks began when Love and others took advantage of a security flaw in Adobe’s ColdFusion software, which is used to build websites.

Adobe spokeswoman Heather Edell said she was not familiar with the FBI report. She added that the company has found that the majority of attacks involving its software have exploited programs that were not updated with the latest security patches.

The Anonymous group is an amorphous collective that conducts multiple hacking campaigns at any time, some with a few participants and some with hundreds. In the past, its members have disrupted eBay’s Inc PayPal after it stopped processing donations to the anti-secrecy site Wikileaks. Anonymous has also launched technically more sophisticated attacks against Sony Corp and security firm HBGary Federal.

Some of the breaches and pilfered data in the latest campaign had previously been publicized by people who identify with Anonymous, as part of what the group dubbed “Operation Last Resort.”

Among other things, the campaigners said the operation was in retaliation for overzealous prosecution of hackers, including the lengthy penalties sought for Aaron Swartz, a well-known computer programmer and Internet activist who killed himself before a trial over charges that he illegally downloaded academic journal articles from a digital library known as JSTOR.

Despite the earlier disclosures, “the majority of the intrusions have not yet been made publicly known,” the FBI wrote. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”