Tag Archive for: records

NSA is buying Americans’ internet browsing records without a warrant


The U.S. National Security Agency is buying vast amounts of commercially available web browsing data on Americans without a warrant, according to the agency’s outgoing director.

NSA director Gen. Paul Nakasone disclosed the practice in a letter to Sen. Ron Wyden, a privacy hawk and senior Democrat on the Senate Intelligence Committee. Wyden published the letter on Thursday.

Nakasone said the NSA purchases “various types” of information from data brokers “for foreign intelligence, cybersecurity, and authorized mission purposes,” and that some of the data may come from devices “used outside — and in certain cases, inside — the United States.”

“NSA does buy and use commercially available netflow data related to wholly domestic internet communications and internet communications where one side of the communication is a U.S. Internet Protocol address and the other is located abroad,” Nakasone said in the letter.

Netflow records contain non-content information (also known as metadata) about the flow and volume of internet traffic over a network, which can reveal where internet connections came from and which servers passed data to one another. Netflow data can be used to track network traffic through VPNs and can help identify servers and networks used by malicious hackers.

The NSA did not say from which providers it buys commercially available internet records.

In a responding letter to the Office of the Director of National Intelligence (ODNI), which oversees the U.S. intelligence community, Wyden said that this internet metadata “can be equally sensitive” as location data sold by data brokers for its ability to identify Americans’ private online activity.

“Web browsing records can reveal sensitive, private information about a person based on where they go on the internet, including visiting websites related to mental health resources, resources for survivors of sexual assault or domestic abuse, or visiting a telehealth provider who focuses on birth control or abortion medication,” said Wyden in a statement.

Wyden said he learned of the NSA’s domestic internet records…

Source…

Malware could have taken down St. Lucie County Sheriff records system


Source…

ECHN cyberattack compromised Social Security numbers, medical records


The cyberattack against the Eastern Connecticut Health Network in August resulted in the theft of employee and patient names and Social Security numbers, as well as patients’ confidential health and financial information, according to an attorney representing Prospect Medical Holdings — ECHN’s parent company.

In a letter to the Connecticut attorney general’s office on Friday, Sarah Goldstein, an attorney representing the California-based Prospect, provided an update on the attack.

In the letter, which was obtained by CT Insider, she wrote that Prospect’s computer network was infiltrated and the hackers “accessed and/or acquired files that contain information to certain current and former employees and dependants” of Waterbury Hospital, Rockville General, and Manchester Memorial hospitals.

“For Prospect Medical employees and dependents, the information involved may have included their names and Social Security numbers,” Goldstein wrote.

Patients’ compromised information varied, she wrote, but it includes names, addresses, dates of birth, diagnosis, lab results, medication, and other treatment information, along with insurance information, doctors and facilities visited, dates of treatment, and financial information.

Source…

Harnessing DNS TXT Records for Malware Execution


Threat actors continue to formulate clever methods to infiltrate systems and compromise digital security. One such sophisticated technique involves the exploitation of DNS TXT (Text) records, a seemingly innocuous component of the Domain Name System (DNS). This blog post explores the mechanics of how threat actors utilize DNS TXT records to contain PowerShell commands and execute malware, shedding light on the technical intricacies and the implications for cybersecurity.

An Overview of DNS TXT Records

To understand this threat, it’s important to comprehend the basics of DNS TXT records. These records are part of the DNS, which acts as the Internet’s address book, translating human-readable domain names into IP addresses that computers can understand. TXT records were originally intended for adding arbitrary text notes to a domain’s DNS settings. Over time, however, their versatility has been exploited by threat actors for malicious purposes.

PowerShell is a powerful scripting language built into Windows operating systems. It is legitimate and widely used for system administration tasks. Unfortunately, it has also become a favorite tool for threat actors due to its capabilities for executing complex commands and scripting.

Threat actors have turned DNS TXT records into a covert communication channel and malware delivery mechanism. Here is a simplified breakdown of the steps they take:

1. Crafting the Attack: The threat actor prepares a PowerShell command that serves as a malicious payload. This command could involve downloading additional files, running scripts, or even establishing a connection to a command and control server.

2. Encoding the Command: To obscure the malicious nature of the payload, threat actors encode the PowerShell command using various techniques like Base64 encoding. This encoding makes it more difficult for security solutions to detect the malicious content.

3. Storing the Command in DNS TXT Records: The encoded PowerShell command is inserted into the DNS TXT record associated with a domain controlled by the attacker. This can be a seemingly benign or compromised domain.

4. Triggering the Attack: The infected machine makes a DNS…

Source…