|
Cyber Daily: U.S. Charges Chinese Nationals in Hacking Schemes | Dunkin' Agrees to Repay Customers Cheated in Data Breach
|
|
|
|
|
|
Good day. U.S. law enforcement officials laid out charges against five Chinese nationals accused of hacking more than 100 organizations, The Wall Street Journal reports. Victims include software firms, social-media and videogame companies, universities and foreign governments, the Justice Department says.
Also today: Dunkin' Brands agrees to settle New York lawsuit over loyalty-card breach; U.S. charges Russian nationals who allegedly stole cryptocurrencies; House passes Internet-of-Things security bill; and hacker says he triangulated data on Instagram, Qantas Airways to discover details about Australia's former prime minister.
|
|
|
|
|
Deputy Attorney General Jeffery Rosen revealed indictments against alleged Chinese hackers on Wednesday. PHOTO: TASOS KATOPODIS-POOL/GETTY IMAGES
|
|
|
U.S. charges Chinese nationals in cyberattacks on more than 100 companies. Federal prosecutors unsealed charges Wednesday against five Chinese citizens that officials say appear linked to Chinese intelligence, accusing them of hacking more than 100 companies in the U.S. and overseas, including social-media firms, universities and telecommunications providers.
Two Malaysian businessmen were arrested Monday in Malaysia and accused of conspiring with some of the Chinese hackers to profit from intrusions into the videogame industry, Justice Department officials said.
The charges, laid out in three separate indictments, build on several other cases brought against accused Chinese hackers during the Trump administration, which has characterized Beijing’s cyber-enabled theft of intellectual property as a grave national and economic security threat.
The alleged hacking campaign was described by Justice Department officials as the handiwork of Advanced Persistent Threat 41, or APT 41, a Chinese cyber squad that U.S.-based cyber firm FireEye has identified and linked to a range of malicious cyber activity against targets in sectors including finance, health care, real estate and the U.S. defense industrial base. FireEye on Wednesday said that APT 41 was currently the most prolific Chinese hacking group it tracked.
U.S. law-enforcement agencies rarely succeed in arresting foreign hackers, and officials called the arrests in Malaysia a victory for international cooperation. The Chinese Embassy in Washington didn’t immediately respond to a request for comment. China has previously denied U.S. accusations of malicious cyber activity.
Read the full story.
|
|
|
|
|
28,581
|
Number of information security incidents federal agencies reported in the fiscal year 2019, according to the Office of Management and Budget. That's down 8% from fiscal 2018's 31,107 incidents.
|
|
|
|
|
New York Attorney General Letitia James reached a settlement with Dunkin' Brands over a data breach between 2015 and 2018. PHOTO: KATHY WILLENS/ASSOCIATED PRESS
|
|
|
Dunkin’ Brands settles New York data-breach case. The company agreed to reimburse customers whose loyalty cards were abused after a data breach between 2015 and 2018, Restaurant Business reports. New York Attorney General Letitia James sued Dunkin’ Brands in 2019, accusing the company of failing to notify 20,000 customers that their accounts had been compromised. The company also agreed to pay $650,000 in penalties and costs to the state. Dunkin’ Brands said it already had put in place the security measures spelled out in the settlement, such as resetting customer passwords.
U.S. charges two Russian nationals who allegedly stole cryptocurrencies. Prosecutors say Danil Potekhin and Dmitrii Karasavidi defrauded three cryptocurrency exchanges and their customers, resulting in losses of at least $16.8 million, WSJ's Risk & Compliance Journal reports. The men were charged in the U.S. District Court in San Francisco with aggravated identity theft, conspiracy to commit computer fraud and conspiracy to commit money laundering, among other charges, for their alleged roles in a sophisticated hacking and market-manipulation scheme, prosecutors said Wednesday. Efforts to reach Messrs. Potekhin and Karasavidi were unsuccessful.
House passes Internet-of-Things cybersecurity bill. The IoT Cybersecurity Improvement Act would mandate baseline security provisions for connected devices used by the federal government, Federal News Network reports. More than 25 billion such devices are expected to be in use within five years, according to Rep. Robin Kelly (D., Ill.), a co-sponsor of the bill. “Before we increase our cyber surface vulnerability that exponentially, shouldn’t we make sure that the stuff that the federal government buys is at least patchable?” he said. The bill now heads to the Senate.
|
|
Passport details of Australia's former prime minister hacked. Working from Tony Abbott's Instagram post showing a photo of a Qantas Airways boarding pass, a hacker says he figured out Mr. Abbott's passport and phone numbers. (Gizmodo)
|
|
|
|
|
|