Facebook, banks, presidential candidates not immune to cybersecurity woes

Every day seems to bring new evidence that cybersecurity is a problem for everyone, including the wealthiest, most technologically sophisticated and politically powerful among us.

To wit: In the last several days, security vulnerabilities have been identified at Facebook; Spotify; within Ted Cruz and John Kasich’s smartphone apps; and within Swift, the network used to transfer billions of dollars among banks around the world. The problem at Swift was particularly costly; it was exploited in an $81 cyber heist from the central bank of Bangladesh in February and reportedly in several other recent cyber scams as well.

In the Swift attacks, hackers were able to impersonate legitimate users of the system to send fraudulent messages over the network by obtaining valid log-in credentials. In the case of the Bangladesh bank, the hackers hid evidence of the fraudulent transactions by modifying the Swift program on the bank’s computers.

The network issued a software patch on Monday to block some malware that BAE, a British defense contractor, said was used in the Bangladesh Bank scam. But security researchers warned that the attacks may be the first of a coming wave; big banks are potentially much more lucrative targets than individual consumers or small companies.

But it’s not just big banks that are under attack or find their security under scrutiny. TechCrunch reported Monday that log-in credentials for hundreds of Spotify accounts have been posted on Pastebin, a text sharing site. Spotify denied that it has been hacked, but TechCrunch reported that the credentials appear to be genuine and are specific to Spotify, and that several users of the music service have reported that their accounts seemed to have been compromised lately.

Unlike with the Swift hack, no one appears to have taken a financial hit due to the Spotify problem. But users did report having their playlists altered, being blocked from accessing the service and having their contact email address changed.

A security researcher found a potentially more troubling breach at Facebook. As part of testing the social networking company’s security, Orange Tsai, who works for Devcore, discovered that an unknown number of hackers had penetrated Facebook’s internal corporate network last year and possibly as recently as February. The hackers set up a way to log the user names and passwords of some 300 Facebook employees. Those credentials likely would have given them access to those employees’ email accounts as well as to the company’s private network and other software tools, Tsai told Reuters.

On Hacker News, a Facebook security employee said there was nothing to worry about. The breaches discovered by Tsai were actually exploited by another security researcher working for Facebook. And, he said, the software he accessed is kept separate from servers that host user data.

That may be somewhat reassuring to Facebook users. But if you are a fan of Ted Cruz or John Kasich, you may have other reasons to worry.

Security firm Symantec reported that apps built for the presidential campaigns of both men could expose personal data to third parties. The personal data collected by the apps isn’t encrypted before being transmitted to contenders’ campaigns. Thus the data could be read without problem should it be intercepted en route.

When it comes to cybersecurity, it’s best to live by the old “X-Files” mantra: “Trust no one.”

Photo: Mark Zuckerberg delivers the keynote speech at Facebook’s F8 Developers Conference last week in San Francisco. (Karl Mondon/Bay Area News Group)

 

  • David McDory

    This is why I never give anybody my real personal info.
    Why would Spotify need my real e-mail or address? It’s just a music service.

    Use 10-minute e-mail to open accounts when websites need to “verify” your e-mail. This will save you a lot of aggravation.

 
 