Tag Archive for: virginia

Virginia Retirement System hack demands transparency and accountability – Daily Press

/in


Through no fault of their own, thousands of Virginians are learning that their names, social security numbers, birthdates and partial addresses may have been exposed on the internet as part of a massive data breach affecting millions of Americans.

Most of those whose personal information may have been compromised are retired public employees who receive pension benefits through the Virginia Retirement System. VRS initially told Channel 8 News in Richmond that active members of the retirement system were not affected by the hack, but later backed away from that blanket statement. The hack compromised personal information of some survivors and beneficiaries of retirees, a group that includes some current teachers and other state employees. As many as 230,000 people may be affected.

Retirement systems in other states have also been targeted by the hackers, as have other public pension and private-sector retirement plans, state and federal agencies. California’s public employee retirement system, the largest in the nation, announced in June that hackers had stolen confidential data of about 769,000 retirees and beneficiaries.

How did this happen? After all, those in the commonwealth’s retirement system don’t have a choice about giving their personal information to VRS. Was VRS careless with the data in its files? The answer is complicated.

Like many other retirement systems, VRS contracts with a company called Pension Benefits Information to verify information about retirees and guard against overpayment. PBI, like many organizations around the world, uses the MOVEit Transfer software to share data, supposedly securely.

In May, a Russian ransomware group calling itself Clop apparently discovered a flaw in the MOVEit Transfer software and exploited it to gain access to a great deal of confidential personal information before the flaw was discovered and repaired.

Clop and similar cyber criminals steal data and then demand ransom in exchange for not making the information public. Clop wasn’t zeroing in on retired Virginia public employees, but all those whose personal details are now in the hands of unscrupulous crooks should be concerned.

It’s a fact of 21st century life:…

Source…

Virginia Tech, international partners debut first-of-its kind test bed for resiliency, security in space-based internet networks | VTx

/in


The soaring goal of Elon Musk’s Starlink and other satellite internet projects is to provide high-speed, low-latency broadband internet across the globe. But there are still some big questions that need to be answered — including how to build a resilient, secure network in space.

To examine such questions, Commonwealth Cyber Initiative (CCI) researchers at Virginia Tech have partnered with the University of Surrey in the United Kingdom to build the world’s first hardware-in-the-loop test bed that emulates the changing connectivity of a mega satellite constellation at scale. The researchers introduced the test bed at an intercontinental workshop July 12-13.

“We wanted to establish a shared community vision and brainstorm about what would be possible and what would be most useful in a space networking infrastructure,” said CCI researcher Jonathan Black, professor of aerospace engineering.

Besides uniting researchers and funding agencies on both sides of the Atlantic, the interdisciplinary workshop involved members of the satellite and aerospace community as well as the computer networking and communication communities, including researchers from Wireless@VT in the Bradley Department of Electrical and Computer Engineering and the Center for Space Science and Engineering Research (Space@VT).

Workshop speakers included representatives from NASA Goddard Space Flight Center and the National Science Foundation as well as Ella Atkins, Fred D. Durham Chair and incoming department head for the Kevin T. Crofton Department of Aerospace and Ocean Engineering.

“In order to repair, upgrade, and refuel in space, we need to build for efficiency and disruption,” said Atkins, who called into the workshop from her rural home via Starlink. “By grounding communications and networking in long-term space robotics, our researchers are building the future of space engineering.”

According to Atkins and Black, the future of space engineering requires effective communication — and the next step is connecting satellite networks.

Breaking out of space siloes

On the ground, network internet service providers are interconnected. A Verizon network user can talk with someone on an AT&T network,…

Source…

Investigators work to determine scope of ransomware attack that hit Virginia IT agency

/in


Posted: / Updated:

The Virginia State Capitol on Wednesday April 1, 2020, in Richmond, Va. (AP Photo/Steve Helber)

RICHMOND, Va. (WRIC) – Investigators looking into the ransomware attack on the Virginia legislature’s information technology agency won’t know more about its scope until just after the new year — or at least that’s the hope.

Click here to subscribe to our breaking news email alerts

A law enforcement investigation led by Virginia State Police is underway and the agency hit with the attack, the Division of Legislative Automated Systems (DLAS), is performing a forensic analysis.

DLAS teams working to fix the issue are conducting a “meticulous, around-the-clock forensic analysis” of the agency’s systems, servers and all connection points, according to its director Dave Burhop.

“A full forensic analysis generally takes several weeks to complete for a digital footprint that’s the size of our legislative systems and we are hoping to have the initial analysis completed just after the new year,” Burhop wrote in an email to 8News.  

The attack affected the computer systems for Virginia’s legislative agencies and commissions, including the Division of Legislative Services and the Division of Capitol Police. DLAS’ internal servers, including the system lawmakers use to draft and modify bills, were impacted as well.

With the 2022 legislative session set to begin Jan. 12, concern has grown over how the attack may affect operations for state lawmakers. Despite this, legislators have been able to file their bills for the upcoming session.

In a ransomware cyberattack, hackers typically infiltrate a computer network to hold the user’s data hostage by encrypting it and demanding they pay a ransom for the hackers to decrypt the data.  

The cybercriminals who hit DLAS provided a note “but details are scant”…

Source…

Bug Bounty Program pays off for cybersecurity at Virginia Tech

/in


Augusta Free Press

Published Sunday, May. 23, 2021, 9:17 am

Join AFP’s 100,000+ followers on Facebook

Purchase a subscription to AFP

Subscribe to AFP podcasts on iTunes and Spotify

News, press releases, letters to the editor: [email protected]

Advertising inquiries: [email protected]

business man computer
(© daviles – stock.adobe.com)

Not all hackers are up to no good. In fact, one of the most effective ways to prevent a security breach is to test cybersecurity defenses in much the same way a hacker would, by looking for vulnerabilities in your infrastructure. The main difference, of course, is that instead of exploiting vulnerabilities, you repair them.

In the cybersecurity world, this technique is called “red teaming.” It’s also the idea behind the new Virginia Tech Bug Bounty Program, which gives students and employees the opportunity to play hacker and earn cash rewards for identifying any vulnerabilities, or “bugs,” in specific university-owned domains.

Launched in March 2021, the Bug Bounty program is helping the IT Security Office (ITSO) expand the university’s cybersecurity efforts while engaging the Virginia Tech community.

“Cybersecurity at Virginia Tech has historically focused on defense capabilities [a.k.a. ‘blue teaming’], such as monitoring outbound traffic and encrypting sensitive data,” explained Brad Tilley, director of security architecture for the ITSO. “Red teaming plays offense to the blue team’s defense, taking a more active approach to cybersecurity by seeking out and flagging potential vulnerabilities before bad actors have a chance to exploit them.” Used in tandem, blue teaming and red teaming offer the best chance of maintaining secure systems and minimizing damage from external and internal threats.

However, scouring code for vulnerabilities can be a time-consuming process, even for the most skilled security analysts, and the ITSO red team staff is relatively small. “We realized that in order to grow our offensive capabilities given our resource constraints, we needed to look outside our own office,” Tilley said.

And what better place to look than right outside their office window?

“Virginia Tech has a huge and…

Source…