Security News This Week: Hackers Hit a Nuclear Plant
News that a nuclear power plant has been the target of a cyber attack is deeply concerning, but you may have missed it, given all the headlines about election hacking this week. WikiLeaks has been steadily releasing batches of email hackers snatched from the account of Hillary Clinton’s campaign chair, John Podesta, and this week his Twitter account was also breached. It’s clearly past time for the Clinton campaign to review some basic security tips. And if you’re feeling overwhelmed and confused by everything that’s going on, an essay that WikiLeaks founder Julian Assange wrote 10 years ago helps to explain what the group may be trying to achieve during this election cycle.
In other news, the encrypted communication app Signal added disappearing messages, longtime security flaws still plague Internet of Things devices, and President Obama is thinking ahead to a not-so-distant future when a machine learning-trained artificial intelligence poses a significant cybersecurity threat. You know, typical president stuff.
And there’s more: Each Saturday we round up the news stories that we didn’t break or cover in depth but still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Yukiya Amano, the International Atomic Energy Agency director, told Reuters on October 10 that a nuclear power plant had been disrupted, though not shut down, by a cyber attack in the past two or three years. Though he would not provide any additional details about the incident, including where it took place, he cited it to emphasize the threat hacking poses to nuclear plants. “This actually happened and it caused some problems,” Amano said. “This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it’s the tip of the iceberg.”
Breach of Data Storage Company Exposes Personal Data from at Least 58.8 Million Accounts, if Not More
A leak containing data on more than 58 million users has popped up and been taken down around the web this week. According to research from the firm Risk Based Security, the database that the dump comes from is hosted by the data storage and hosting company Modern Business Solutions. The database contains personal information about users like names, IP addresses, birthdays, occupations, vehicle data, and e-mail addresses. Risk Based Security has some evidence that as many as 260 million user entries may have been compromised but can’t confirm because the database, which is compiled with MongoDB, has now been secured and is no longer accessible. Neither Risk Based Security nor Ars Technica has been able to reach Modern Business Solutions for comment. The leak notification service Have I Been Pwned? sent out tens of thousands of notifications about the breach based on the email and IP addresses it contains.
Though cabinet ministers were allowed to wear Apple Watches while former United Kingdom Prime Minister David Cameron was in office, his successor, Theresa May, no longer permits them. The prohibition is the result of concerns that the watches could be turned into listening devices, especially by Russian hackers. Cell phones are already banned in UK cabinet meetings.
Google updated its transparency report with data about government information requests from the first half of 2016. Continuing a steady trend, the total number of requests is up from the previous reporting period—44,943 this time, versus 40,677 for the second half of 2015. Google produced user information for 64 percent of the requests, the same as in the last reporting period. Google received requests for the first time from Algeria, Belarus, Cayman Islands, El Salvador, Fiji, and Saudi Arabia during the first half of 2016. Foreign Intelligence Surveillance Act (FISA) requests are also way up this year. Google says it has received 21,000-21,499 of them so far in 2016 compared to 16,000-16,499 in the last period. (Companies are only legally permitted to report on FISA requests in ranges.)
On October 11, Microsoft patched five previously undisclosed zero-day vulnerabilities in Internet Explorer, Edge, Windows and Office services, including some that the company says it observed being exploited in the wild. The company is also transitioning to a new patch deployment system, which includes pushing unified updates for its legacy operating systems: Windows 7 and 8, and Windows Server 2008 and 2012.
Read original article: