Security News This Week: Eddie Bauer Stores, Hotels and Hospitals Hacked
The National Security Agency works every day to find new ways to break into international networks, but it’s rare to see proof of that hacking bonanza out in the open. This week’s security news was dominated by a mysterious group called the Shadow Brokers, who launched an auction for data allegedly stolen from the Equation Group, an elite team of hackers with probable ties to the NSA. Though the auction itself was kind of a mess, the legitimacy of the stolen data and its connection to the NSA became more and more certain as the week went on. The NSA hangs on to some of the vulnerabilities it discovers instead of disclosing them so it can do intelligence gathering, but the Shadow Brokers situation demonstrates all too clearly how that practice can be problematic if zero days escape the agency’s control.
In other news, the Department of Homeland Security said this week that it would lead an initiative to protect US voting systems from cyber attacks. (The plan is still pretty vague and will probably benefit future elections more than this year’s). Researchers have shown that they can fool facial authentication security protections using 3-D rendered virtual reality models of faces made from publicly available photos found online. A new FCC complaint alleges that Baltimore City’s previously established misuse of cell tower simulators—often called stingrays—has racial undertones, disproportionately affecting minority communities. And Twitter is ramping up efforts to limit violent extremist user content on its site. The company announced that in the last year it’s suspended about 360,000 accounts for violating its terrorism policy and its reaction time is getting faster.
But there’s more: Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
A Defense Department Inspector General report shows that US Army accounting is in shambles and that the armed forces operation had to gloss over trillions of dollars of untracked spending in 2015 alone. The report said that the Army’s financial accounting for 2015 was “materially misstated.” A significant amount of financial data is simply missing, and what does exist is not reliably accurate. The scale of the problem is so large that it is hard to get an accurate sense of how much the army spends or needs to spend, which has obvious implications for political decisions related to the defense budget.
Apparel chain Eddie Bauer admitted on Thursday that credit and debit card number-stealing malware was lurking on the point-of-sale systems at its 350 stores between January 2 and July 17 of this year, endangering customer transactions. Eddiebauer.com purchases weren’t affected. The company says it will offer customers free credit monitoring.
Twenty hotels run by HEI Hotels & Resorts were infected with malware from March 1, 2015 to June 21, 2016, compromising financial information in transactions including at shops, bars, and hotel restaurants. HEI operates hotels through a number of brands and the malware affected 12 Starwood hotels, six Marriott International hotels, one InterContinental Hotels Group PLC hotel and one Hyatt in 10 states plus Washington D.C.. It’s hard to know how many individuals are affected, since people could have used their credit or debit cards for multiple transactions at the hotels. But the attack exposed thousands of transactions at each location. HEI says it is now using a different payment system on a separate part of its network while it investigates the situation.
A survey from Kaspersky Lab and IDC Financial Insights indicates that people are wary of mobile financial services because they fear their security implications. Of 1,015 respondents in the US and UK, 36 percent steer clear of mobile banking entirely, and 74 percent of these people said that the reason was security concerns. Even a majority of customers who use mobile banking services said they have doubts about how secure the systems are.