The creepy voice you heard from your baby monitor is not a ghost


Beware of Internet-connected cameras, security cameras and monitoring systems: they can easily be hacked. Camera hacking has become a serious issue because of the potential for unauthorized people to watch and make video recordings.

The Ontario Provincial Police (OPP) issued a warning on Wednesday reminding people that these systems can be susceptible to hackers, because many ship with remote access enabled by default. The warning followed an incident on July 7 in which a family from southwestern Ontario was watching their young child over a baby monitor when it suddenly began playing music and a voice said they were being watched.

According to OPP Const. Liz Melvin, the child was about to go to sleep in the nursery when the camera was remotely activated.


“The camera played some eerie music and a voice could be heard indicating the parent and child were being watched,” Melvin told National Post. “Obviously it’s going to be disturbing.”

She said the family’s Internet service provider confirmed the router had been hacked and the source of the hack could be from anywhere in the world.

Although such baby monitor hacking cases are reported every month, Melvin said no other incidents had been reported and she wasn't aware of any past investigations into this type of camera hacking in the area.

She said there are no suspects in the case and the investigation is ongoing.

To protect themselves, people should use passwords to protect access to their Internet connection and to their monitoring systems. Similarly, buy cameras from trusted sources and cover them when not in use.

Researchers find out New Linux Backdoor

Security researchers from Doctor Web, a Russian Anti-malware company, have detected a new backdoor dubbed Linux.BackDoor.Dklkt.1 that targets Linux operating systems.

The signature of the backdoor has been added to the Dr.Web virus databases, so its Linux users are protected.

“It's clear that the creators of this malicious program planned to equip it with a wide variety of powerful features, but bringing all their intentions to life proved rather problematic; at the moment, not all of the program's components work as they should,” the researchers wrote in a blog.

The researchers believe the backdoor is of Chinese origin. They say the virus makers tried to create a multi-component malicious program with a large number of functions.

“For example, they wanted to equip it with functions typical of file managers, DDoS Trojans, proxy servers, and so on,” they added. “However, not all of these plans were destined to see the light. Moreover, virus makers attempted to make a cross-platform program out of their creation; so that the executable file could be assembled both for Linux and Windows architectures. However, due to carelessness of cybercriminals, the disassembled code contains some strange constructions that have absolutely nothing to do with Linux.”

According to the researchers, the backdoor checks the folder from which it is run for a configuration file containing all of its operating settings. The file holds three addresses of command and control servers: one is used by the backdoor, while the other two are kept as backups. The configuration file is encrypted with Base64.

Once the backdoor is activated, it tries to register itself in the system as a daemon (system service). If the attempt fails, the backdoor terminates.

“Once the malicious program is successfully run, it sends the server information on the infected system; at that, the transmitted data is compressed with LZO and encrypted with the Blowfish algorithm. In addition to that, every packet contains a checksum, so that the recipient could verify data integrity,” the researchers explained.

The researchers said Linux.BackDoor.Dklkt.1 then waits for incoming commands, which can include launching a DDoS attack, starting a SOCKS proxy server, running a specified application, and rebooting or shutting down the computer.

Google protests US government's proposed "Wassenaar Arrangement" export rules

Google has protested against the proposed rule changes implementing the “Wassenaar Arrangement” that would let the US government control the export of security research and technologies.

Neil Martin of Google's legal team and Tim Willis, Hacker Philanthropist on the Chrome Security Team, opposed the proposal in a blog post, saying “it will hurt general web users”.

The blog post emphasized how the proposed changes would directly affect security research: “The time and effort it takes to uncover bugs is significant, and the marketplace for these vulnerabilities is competitive. That’s why we provide cash rewards for quality security research that identifies problems in our own products or proactive improvements to open-source products. We’ve paid more than $4 million to researchers from all around the world - our current Hall of Fame includes researchers from Germany, the U.S., Japan, Brazil, and more than 30 other countries.”

According to the blog post, the proposed changes would apply Wassenaar Arrangement controls to software and tools, which would hamper companies that hire hackers to find vulnerabilities in their networks and products.

If the proposed changes are approved, companies operating in the US would need a license to export their security technologies, or information on newly discovered vulnerabilities, anywhere other than Canada.

Google submitted their comments on the proposed rules to the United States Commerce Department’s Bureau of Industry and Security (BIS).

Do organizations fail to care about your medical data? UCLA hacked

The hospital network of the University of California, Los Angeles was broken into by hackers, who gained access to the sensitive records of 4.5 million people.

According to the university, the stolen data includes names, medical information, Medicare numbers, health plan IDs, Social Security numbers, birthdays and physical addresses.

The breach could have affected anyone who visited or worked at the university's medical network, UCLA Health, which includes its four hospitals and 150 offices across Southern California.

The first attempt to hack the network was made in September 2014. UCLA Health announced the breach on Friday, two months after discovering it. The university network's alarm "detected suspicious activity," and UCLA Health called in the FBI for help.

"At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information," UCLA Health said in a statement.

The hospital group is now notifying staff and patients, and offering them one year of identity theft recovery services.

Dr. James Atkinson, president of the UCLA Hospital System, apologized to the public in a statement and noted that the hospital group is under constant attack from all over the world.

Organizations handling such sensitive information should have not only physical security but also proper cyber security protection. Organizations should understand the importance of cyber security before they fall victim to cyber attacks.

FBI takes down biggest malware marketplace 'Darkode'

The Federal Bureau of Investigation announced the takedown of ‘Darkode’, an international malware marketplace, on Wednesday.

Darkode was a secretive, password-protected society of elite hackers; since 2008 the forum had served as a meeting place and a venue for buying and trading hacking tools.

The FBI made arrests across 20 countries and announced indictments against 70 individuals, including 12 in the U.S., from Wisconsin to Louisiana.

U.S. Attorney David J. Hickton said, “The FBI has effectively smashed the hornets' nest and we are in the process of rounding up and charging the hornets."

Hickton explained how Darkode was one of the greatest threats to online security, mentioning one forum member who offered software (for $65,000) that could take over cellphones, and another user who offered the ability to steal and sell lists of Facebook friends.

According to FBI Special Agent in Charge Scott S. Smith, the arrests came after a two-year undercover operation that infiltrated the forum.

The Pittsburgh Post-Gazette explains how the investigation started: "Following a lead generated in Pittsburgh around 18 months ago, the FBI cybersquad here launched Operation Shrouded Horizon. The bureau's local office assembled a coalition that started domestically with the bureau's offices in Washington, D.C., San Diego, New Orleans and San Francisco, and extended to online enforcement teams in 20 countries, including numerous European countries, Israel, Australia, Colombia, Brazil and Nigeria."

Federal officials say the investigation into Darkode is continuing.

Epic Games shuts down its website after a hack

Epic Games, an American video game developer based in Cary, North Carolina, now an associate of China's Tencent Holdings, has taken down its website after discovering that its forums (forums.epicgames.com) were “compromised by a hacker”.

The company is now emailing Epic Games Forum members to inform them that the forums have been taken offline.

“We are sorry to report that the incident may have resulted in unauthorized access to your username, email address, password, and the date of birth you provided at registration,” the email reads.

The company said that any information stored or sent by its users on the forums may have been accessed.

However, the company said it has not collected or maintained any financial information. It has advised users to be alert for suspicious emails such as phishing attempts.

When the site reopens, forum members' passwords will be reset.

“If you use the same password on this site which you use on other sites, we recommend immediately changing your password on those sites as well,” the email explained.

The affected forum site covers UDK, Infinity Blade, Gears of War, Bulletstorm, and earlier Unreal Tournament games; the separate forum sites covering Unreal Engine 4, Fortnite, and the new Unreal Tournament were not affected.

“To further understand what’s happened and prevent it in the future, we’re working with a computer security firm to identify the nature of the compromise. We will report further information on the forums when they reopen,” the company explained in the mail.

Mozilla blocks vulnerable Adobe Flash versions

Facebook's newly appointed Chief Security Officer Alex Stamos took to Twitter to call for Flash to be retired more quickly, as the plugin was reportedly being used to spread malware on users' systems via security exploits. A day later, the head of Firefox Support announced that all vulnerable versions of Adobe Flash are now blocked in the Firefox browser.

On July 14, Mark Schmidt, head of Firefox Support, posted on Twitter: “BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now.”

According to a report on TheNextWeb, three major Flash vulnerabilities were discovered in the 400GB of documents and product source code leaked from security firm Hacking Team; they allow malicious files to execute code and install malware on victims' computers.

“Mozilla has noted that Flash will remain blocked until Adobe releases a version that isn’t being actively exploited by publicly known vulnerabilities,” the report read.

Mozilla is also reportedly trialing Shumway, an efficient HTML5-based renderer for the SWF format used by Flash files.

Housing.com hacked within days of CEO's ouster

Within days of CEO Rahul Yadav's exit from the company, the Housing.com website was hacked.

The homepage showed a cryptic message, which appears to be a call for the return of its co-founder.

The defaced Housing.com home page showed the message: “Yes! We will solve the real estate, but 10X better with The Chief Architect.” “The Chief Architect” here refers to Yadav, who was sacked by the Board of Directors, which blamed him for his unfavourable behaviour.

[Image: the defaced Housing.com page, filled with the defacers' messages (pc: Google Images)]

Yadav, however, has denied that he is in any way behind the hacking incident. He denied his involvement on his Facebook page, saying, “I would have DESIGNED it better. #NotInvolved #LoveYouTechTeam”.

J Prasanna, director of the Cyber Security and Privacy Foundation, a non-profit organization in Bangalore, said that Housing should get a thorough technical assessment of the website. He added that in a live portal there is a greater chance of a lot of consumer data being compromised.

"In this case, the hackers decided to publish the hacking. What if the hackers don't publish this and the data is sold to competitors or rogue elements? These guys did it for publicity, but not everyone would do it for fun," the Times of India quoted Prasanna as saying.

Housing.com's board announced Yadav's removal on July 1, releasing a statement that day indicating his ouster from the online realty company.

The press release said, “The board believes his behaviour is not befitting of a CEO and is detrimental to the company, known for its innovative approach to product development, market expansion and brand building.” Yadav, the release said, would “no longer be an employee of Housing and be associated with the company in any manner, going forward”.

Selfies to be used as passwords for online payments

Selfies, which we mostly take for posting on social networking sites, are now being used as a password for making payments.

MasterCard, an American multinational financial services corporation headquartered in New York, United States, is trying new facial recognition technology that would let customers verify their identity online by taking a selfie.

MasterCard customers who still use a system called SecureCode to verify their identity while shopping online are required to enter a password at the point of sale.

In an interview with CNN Money, MasterCard executive Ajay Bhalla said that they want to identify people by who they are, not by what they remember.

"We have too many passwords to remember and this creates extra problems for consumers and businesses. The new generation, this is into selfies….  I think they'll find it cool. They'll embrace it," he added.

According to a news report published in The Telegraph, in order to avoid problems such as forgotten, stolen or intercepted passwords, many financial organisations and technology companies are testing biometrics as an alternative form of identification.

For example, a British technology firm recently launched the world's first emoji-only passcode, which lets people log into their banks using four emoji characters instead of PINs or passwords.

According to the report, during the trial period some of MasterCard's customers will be prompted to take a photograph of their face using the MasterCard app on their smartphone at the online checkout, instead of entering a password.

The app then converts the photo into a code of 1s and 0s using facial recognition technology and transmits it over the internet to MasterCard, which compares it with a stored code representing the cardholder's face. If the two codes match, the purchase is approved.

Bhalla said that MasterCard will not be able to reconstruct the user's face from the data, and that the information will be transmitted and stored securely.

The company is currently testing the technology with 500 customers, and is planning a broader trial for later this year.

Along with the selfies, the company is experimenting with other forms of identification such as fingerprint scanning and voice recognition.

BadOnions: bad Tor exit nodes attempt to log in with sniffed passwords

A security researcher spent a month finding bad Tor exit nodes by setting up a honeypot website with a fake login page, in order to identify the nodes that sniff traffic and attempt to use the stolen passwords.

Tor protects its users by bouncing their communications around a distributed network of relays run by volunteers all around the world.

Chloe wrote in a blog, “A few weeks ago I got the idea of testing how much sniffing is going on in the Tor network by setting up a phishing site where I log in with a unique password and then store them. I do this with every exit node there is and then see if a password has been used twice; if that's the case I know which node was sniffing the traffic.”

According to the researcher, the test used a domain with a tempting name (such as bitcoinbuy) with an admin. subdomain created via a vhost and a simple login page set up on it.

The login script accepted any password ending with "sbtc". For each exit node the researcher generated a random password ending with "sbtc" (e.g. d25799f05fsbtc) and used it to log in through that node.

The script also saved login attempts and successful logins to a file along with the user agent, IP and time; this is what makes it possible to identify the bad nodes.

“The results are not so surprising, but what is most surprising about this is that 2 nodes with the 'guard' flag had logged in twice. Also, none of these nodes has been flagged even though I reported them to Tor,” the researcher wrote in the blog.

The researcher released the results of the test: more than 130k exit nodes were tested within 32 days, and there were 12 failed login attempts and 16 successful logins that had not come from the researcher.
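The detection logic behind the experiment, as an added illustration (not the researcher's own script): one unique marker password is issued per exit node, every login is logged, and any password that shows up a second time is attributed to the node it was originally sent through. The log format, node fingerprints and IP addresses are constructed for the example.

```python
import secrets
from collections import defaultdict

SUFFIX = "sbtc"  # the honeypot accepted any password ending in this marker


def make_password() -> str:
    """One unique throwaway password per exit node, in the d25799f05fsbtc style."""
    return secrets.token_hex(5) + SUFFIX


def login_ok(password: str) -> bool:
    """The honeypot's login check: any password carrying the marker 'succeeds'."""
    return password.endswith(SUFFIX)


def issue_credentials(exit_fingerprints):
    """Generate one password per exit node and remember which node received it."""
    return {make_password(): fp for fp in exit_fingerprints}


def parse_log(lines):
    """Constructed log format: time, ip, user agent, password (tab separated)."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, ip, ua, pw = line.split("\t")
        yield {"time": ts, "ip": ip, "ua": ua, "password": pw}


def analyze(credentials, lines):
    """Attribute replayed passwords to the exit node they were sent through.

    credentials: password -> exit node (as returned by issue_credentials).
    Returns the nodes whose unique password was used again after the probe,
    plus counts of attempts that cannot be attributed to any node.
    """
    seen = defaultdict(list)   # password -> log records, in log order
    failed = 0                 # wrong passwords: guessing, not replaying
    for rec in parse_log(lines):
        if not login_ok(rec["password"]):
            failed += 1
            continue
        seen[rec["password"]].append(rec)

    sniffers = {}
    unexpected = 0
    for pw, recs in seen.items():
        if pw not in credentials:
            unexpected += 1    # carries the marker but was never issued by us
            continue
        replays = recs[1:]     # the first record is our own probe login
        if replays:
            sniffers[credentials[pw]] = [(r["time"], r["ip"], r["ua"]) for r in replays]
    return {"sniffing_nodes": sniffers, "failed_logins": failed,
            "unexpected_logins": unexpected}


# Constructed sample: three probes, one replay from an unrelated client, one guess.
SAMPLE_CREDENTIALS = {
    "d25799f05fsbtc": "EXIT-NODE-A",
    "1a2b3c4d5esbtc": "EXIT-NODE-B",
    "9f8e7d6c5bsbtc": "EXIT-NODE-C",
}
SAMPLE_LOG = """\
2015-06-01T10:00:00Z\t192.0.2.10\tMozilla/5.0\td25799f05fsbtc
2015-06-01T10:01:00Z\t192.0.2.11\tMozilla/5.0\t1a2b3c4d5esbtc
2015-06-01T10:02:00Z\t192.0.2.12\tMozilla/5.0\t9f8e7d6c5bsbtc
2015-06-03T02:17:00Z\t198.51.100.7\tcurl/7.43.0\t1a2b3c4d5esbtc
2015-06-03T02:18:00Z\t198.51.100.7\tcurl/7.43.0\tadmin123
""".splitlines()

if __name__ == "__main__":
    print(analyze(SAMPLE_CREDENTIALS, SAMPLE_LOG))
```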

Beware of CryptoWall ransomware: victims report losses totaling over $18 million

Data from the FBI's Internet Crime Complaint Center (IC3) shows CryptoWall as the most current and significant ransomware affecting millions of individuals and businesses in the US.

CryptoWall and its variants have been targeting people since April 2014. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.

Victims incur ransom fees of between $200 and $10,000, plus additional costs including network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.

A system becomes infected when the victim visits an infected website or clicks on an infected advertisement, email or attachment; the malware then encrypts the files stored on the infected machine. Ransomware schemes demand payment in Bitcoin because it is easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity.

Victims can file a complaint with their local FBI field office, or with the IC3 at www.IC3.gov.

DDoS and APT attacks on corporates and banks

With a spate of distributed denial of service (DDoS) and APT attacks on banks and corporates, anti-DDoS mitigation vendors and ISPs are joining together to fight the menace of DDoS attacks.

A few vendors work with ISPs to mitigate the threat, putting a monitoring agent (a hardware box) at every ISP, connected to a mitigation cloud.

A bank official said on condition of anonymity: "The ISP quickly responds to a DDoS attack and mitigates it for the customer, but then comes to them with a fat proposal. Customers need to pay a standard amount every year to get protection. In addition to this amount, they have to pay extra money every time they get hit. The billing can run into lakhs for banks/corporates who take DDoS mitigation."

Another bank official confided that they have asked for a standard quote per year (ISPs are yet to respond).

Smaller vendors cannot tackle DDoS attacks; it takes anti-DDoS companies working with ISPs to handle this.

Some corporates and banks are going for a different solution: they place their main websites and mobile portal behind a cloud-based WAF/anti-DDoS mitigation service. At the corporate end, they have a firewall and IPS ensuring that no direct connection from the Internet to their ISP pipe is possible. Whether this solves the problem remains to be seen.

"Advanced persistent threats are followed by DDoS attacks; this is done to erase any tracks of compromise on firewalls, routers and intrusion prevention systems," says J Prasanna, Director, Cyber Security & Privacy Foundation Pte Ltd, a Singapore-based cyber security certification organization.

"The corporates/banks are seeing only the DDoS and putting DDoS mitigation in place. It has to be checked whether there is any compromise of data, any criminal compromise of banks/corporates. The criminals could have gained access to the data or network and remained stealthy for a long time," says Mr. Sreeram, Director, AVS Labs Pte Ltd, Singapore (an organization which does consulting and services on cyber security).

The main problem for organizations is that many vulnerabilities in their systems go undetected for a long period. The vulnerabilities could be in the application code written by software programmers, or in the operating system, networks and other critical system-level applications. Black hat hackers (APT attackers) can exploit these vulnerabilities, generally called 0-day vulnerabilities, to enter the systems.

Most of these organizations need a "0-day vulnerability assessment & penetration testing" and an "APT analysis" to find any security breach. Not everyone can do this, because you need the best talent on board, like the "bounty hunters" who find vulnerabilities for Fortune 500 companies. But that is not all: "most bug bounty hunters can't find beyond web vulnerabilities"; these auditors/assessors need 0-day exploits and knowledge of how APT attacks work. Most organizations that perform regular vulnerability assessment and penetration testing, and even those that implement ISO 27001 certification, don't have the capability to handle zero-day or APT assessments.

Is a corporate with ISO 27001 implemented safe? A quiet survey of 25 organizations showed that almost all had the standard implemented, and all had experienced data theft. Some corporate CISOs don't want to accept that APT attacks happen; most information about compromises never reaches management.

All the attacks happened at the technical level, because of poor technical controls, or because products like antivirus, firewalls and intrusion prevention did not do what they said they would.

Do we still trust the ISO 27001 implementations in corporates, or the products they use inside, to protect our data?

St. Mary's Bank reissues debit cards after merchant data breach

St. Mary's Bank has begun issuing new debit cards and ATM PINs to over 5,000 customers in response to a merchant-related breach.

The bank had noticed peculiar activity in certain accounts: small transactions of around $99.

These looked like small purchases at locations near New Hampshire and so were not taken seriously at first. When the matter was looked into, officials were able to shut down the compromised cards, and the matter was investigated further.

The cards had been compromised at a national retailer, from where the numbers were sold online. The accounts were then tracked and phony numbers tied to the real accounts, allowing illegal access to all of them.

Elizabeth Stodolski, vice president of marketing, said the bank had taken the precaution of cancelling a total of 5,029 debit cards to prevent further fraudulent transactions. The old cards have been deactivated, and all affected customers have been personally notified about the situation and the steps being taken.

All the customers have been asked to go to their nearest branch and get reimbursed for their losses, for which St. Mary’s Bank has taken full responsibility. 

The reports did not specify which merchants were affected or how they were compromised. Often, cyber criminals use POS malware or skimming devices to obtain card details.

But what if cyber criminals compromise the card information again? Are the banks going to provide new cards yet again?

Polish airline LOT hacked

The computer system of Polish airline LOT was hacked, leaving about 1,400 passengers grounded at Warsaw's Chopin airport.

The system used to issue flight plans was hacked around 4 pm local time (3pm GMT). After five hours, specialists came up with a solution.

LOT spokesman Adrian Kubicki told a Reuters reporter that “delays meant 10 national and international flights were canceled, while more than a dozen more were behind schedule.”

In an interview with TVN 24 television, he described the incident as the “first attack of its kind.”

The airline provided seats for some passengers on other flights, and offered accommodation to those who had to stay overnight.

Kubicki mentioned, “the passengers’ lives were not in danger at any point, and the airport itself was not affected.”

“We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” he added.

Digital Constitution hacked, to promote online gambling

Digital Constitution, the Microsoft website that advocates for online privacy in a digital world, was hacked to promote online casinos.

According to ZDNet, which first reported about the hacking, the Digital Constitution was running an older version of WordPress when the spammy links were discovered.

Though the links were removed from the front page in the hours following the ZDNet report, a variety of other pages continued to link to the gambling sites.

The news reports say it is unknown how long ago the site was hacked to promote online gambling, or whether other Microsoft websites were hacked. It is still not clear who was behind the attack.

Ars Technica noted that it is not unusual for hack-by-numbers exploit kits to automatically inject malicious links into vulnerable pages which, when viewed from vulnerable computers, perform drive-by download attacks.

However, when asked, Microsoft said no more than "it's fixed."

According to the news report, the attacker had injected text with keywords like "online casino," "poker," "craps," "roulette," and "blackjack." New pages were also added that embed content from other casino-related websites.

Anonymous hackers take down Canadian government websites

The Anonymous hacking group attacked several Canadian government websites and servers on Wednesday, in retaliation for a new anti-terrorism law passed by Canada's politicians.

The sites affected by the cyber attack include the general website for government services, canada.ca, and that of Canada's spy agency, the Canadian Security Intelligence Service (CSIS).

According to cabinet minister Tony Clement, who is responsible for the Treasury Board, the attack affected email and internet access. He confirmed this on his Twitter account.

A video posted on YouTube by Anonymous claims that the anti-terrorism law violates human rights and targets people who disagree with the government.

The new Bill C-51, or the Anti-terrorism Act, 2015, would give new powers to CSIS and federal agencies to increase surveillance and share information about individuals.

Talking to reporters from the Guardian, public safety minister Steven Blaney denounced the cyber attacks, saying there were many other democratic ways for Canadians to express their views, and that the government was implementing efforts to improve its cyber security.

LastPass network hacked: is your password safe?

LastPass, a password manager that saves its users' passwords and gives them secure access to them from any computer or mobile device, has detected an intrusion on its network.

According to the official statement, information including users' email addresses, password reminders, server per-user salts, and authentication hashes was compromised.

“In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass users' accounts were accessed,” the statement reads.

Siegrist added, “We are confident that our encryption measures are sufficient to protect the vast majority of users. It strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”
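To show what "server-side strengthening" means for an attacker who holds only the leaked salts and hashes, here is an added example (not LastPass's code) of a two-stage scheme: the client derives an authentication hash from the master password, and the server stores that hash after another 100,000 rounds of PBKDF2-SHA256 with a random per-user salt. The client-side derivation and its round count (5,000) are simplified assumptions, since the article does not state them.

```python
import hashlib
import hmac
import os

SERVER_ROUNDS = 100_000  # server-side PBKDF2-SHA256 rounds cited in the statement
CLIENT_ROUNDS = 5_000    # assumption: the article does not give the client-side count


def client_auth_hash(master_password: str, email: str, rounds: int = CLIENT_ROUNDS) -> bytes:
    """Simplified stand-in for the client step: derive a key from the master
    password and e-mail, then one extra PBKDF2 round turns that key into the
    authentication hash that is sent to the server. The key itself stays local."""
    key = hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                              email.lower().encode(), rounds)
    return hashlib.pbkdf2_hmac("sha256", key, master_password.encode(), 1)


def server_strengthen(auth_hash: bytes, salt: bytes, rounds: int = SERVER_ROUNDS) -> bytes:
    """What the server stores: the received auth hash run through another
    100,000 rounds of PBKDF2-SHA256 with a random per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", auth_hash, salt, rounds)


def enroll(master_password: str, email: str) -> dict:
    """Create the server-side record (email, salt, strengthened hash).
    This is the kind of data the breach exposed."""
    salt = os.urandom(32)
    stored = server_strengthen(client_auth_hash(master_password, email), salt)
    return {"email": email, "salt": salt, "stored": stored}


def verify(record: dict, master_password: str, email: str) -> bool:
    """Login check: recompute both stages and compare in constant time."""
    candidate = server_strengthen(client_auth_hash(master_password, email),
                                  record["salt"])
    return hmac.compare_digest(candidate, record["stored"])


def cost_per_guess() -> int:
    """PBKDF2 iterations an attacker holding only salt + stored hash must spend
    for each candidate master password: client rounds plus server rounds."""
    return CLIENT_ROUNDS + 1 + SERVER_ROUNDS


if __name__ == "__main__":
    rec = enroll("correct horse battery", "alice@example.com")  # constructed user
    print("login ok:", verify(rec, "correct horse battery", "alice@example.com"))
    print("iterations per offline guess:", cost_per_guess())
```

Because the salt is random per user, identical master passwords produce different stored hashes, so one guess can only be tested against one record at a time.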

To secure its data, the company is taking additional measures. It is requiring all users who log in from a new device or IP address to first verify their account by email, unless they have multifactor authentication enabled.

According to the notice, emails have been sent to all users regarding the security incident.

“We are working to notify users as fast as possible,” Siegrist said.

Moreover, the company will also be prompting users to update their master password.

“However, if you have reused your master password on any other website, you should replace the passwords on those other websites,” he said.

Though the passwords stored in the vault are not said to be compromised, it is better to change them as well; don't give hackers a chance.

iiNet urges Westnet users to change their passwords after alleged hack of customer database

iiNet, Australia's second largest internet service provider, has urged more than 30,000 Westnet internet users to change their passwords after a hacker claimed to have gained access to the customer database and put it up for sale.

According to a tweet posted by Cyber War News, the unknown hacker claimed to have obtained important customer details such as passwords, email addresses and telephone numbers.

He is now offering to ‘sell or trade’ Westnet's customer database.

However, he has not mentioned a price for the information.

Matthew Toohey, chief information officer at iiNet, told Mashable Australia that the hack, which may have been unauthorized access to old customer information stored on a legacy Westnet system, was under investigation and had been reported to law enforcement agencies.

"iiNet takes the privacy and security of customer information extremely seriously," he said. "The 30,827 impacted customers are being contacted with a recommendation they change passwords associated with their accounts as this is the most effective way to ensure security. As a precaution, additional steps have been taken to increase the monitoring of impacted accounts."

The system is now offline.

Zomato fixes security bug that allowed hackers to access personal data of 62 million users

Zomato, an online restaurant search and discovery service providing information on home delivery, dining out, cafés and nightlife in cities across India and 21 other countries, has fixed a bug that could allow an attacker to gain access to the personal information of millions of users.

Anand Prakash discovered an Insecure Direct Object Reference (IDOR) vulnerability in the Zomato website.

IDOR occurs when an application provides direct access to objects based on user-supplied input. The vulnerability allows the attackers to bypass authorization and access resources in the system directly by modifying the value of a parameter used to directly point to an object, for example database records or files.

One of the API calls used for retrieving user information was insecurely coded. It fetched the information based only on the "browser_id" parameter passed in an HTTP GET request and failed to verify that the requester was authorized to access the data.

By sequentially changing the 'browser_id' value, an attacker could access users' personal information, such as names, email addresses, phone numbers and dates of birth.

"The data leaked also had Instagram access token which could be used to see private photos on Instagram of respective Zomato users,” Prakash wrote in his blog.

Prakash reported the vulnerability to Zomato CEO Deepinder Goyal on June 1, and the next day (June 2) the flaw was fixed by Gunjan Patidar and his engineering team.
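The IDOR pattern described above, as an added example (this is illustrative code, not Zomato's API): the vulnerable handler returns whatever record the client-supplied browser_id points at, while the fixed handler lets the authenticated session decide whose record is readable and strips third-party tokens from the response. A small log-based check then flags sessions that are repeatedly refused for other users' ids. All users, sessions and ids are constructed.

```python
from collections import defaultdict
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class User:
    browser_id: int
    name: str
    email: str
    phone: str
    dob: str
    instagram_token: str   # third-party secret: must never reach another client


# Constructed sample data; sequential ids are what made enumeration trivial.
USERS = {
    1001: User(1001, "Asha", "asha@example.com", "+91-90000-00001", "1990-01-01", "IG-TOKEN-ASHA"),
    1002: User(1002, "Ravi", "ravi@example.com", "+91-90000-00002", "1988-05-17", "IG-TOKEN-RAVI"),
    1003: User(1003, "Meera", "meera@example.com", "+91-90000-00003", "1995-11-30", "IG-TOKEN-MEERA"),
}
SESSIONS = {"sess-asha": 1001, "sess-ravi": 1002}   # session cookie -> owning browser_id


class Unauthenticated(Exception):
    pass


class Forbidden(Exception):
    pass


def get_user_vulnerable(params: dict) -> dict:
    """Before the fix: the record is selected by the client-supplied browser_id
    alone, nobody checks that the caller owns it, and every field is returned."""
    user = USERS.get(int(params["browser_id"]))
    return asdict(user) if user else {}


def get_user_fixed(session_token: str, params: dict) -> dict:
    """After the fix: the authenticated session, not the request parameter,
    decides whose record may be read, and secrets are filtered out."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise Unauthenticated("login required")
    if int(params["browser_id"]) != owner:
        raise Forbidden("browser_id does not belong to this session")
    u = USERS[owner]
    return {"browser_id": u.browser_id, "name": u.name, "email": u.email,
            "phone": u.phone, "dob": u.dob}


def handle_request(session_token, params: dict, access_log: list) -> tuple:
    """Wrap the fixed handler and record (session, browser_id, status) for monitoring."""
    try:
        body, status = get_user_fixed(session_token, params), 200
    except Unauthenticated:
        body, status = {"error": "login required"}, 401
    except Forbidden:
        body, status = {"error": "forbidden"}, 403
    access_log.append((session_token, int(params["browser_id"]), status))
    return status, body


def flag_enumeration(access_log, threshold: int = 3) -> set:
    """Detection: a session refused for several distinct browser_id values is
    probing other users' records; flag it for rate limiting or review."""
    refused = defaultdict(set)
    for token, bid, status in access_log:
        if status == 403:
            refused[token].add(bid)
    return {t for t, ids in refused.items() if len(ids) >= threshold}


if __name__ == "__main__":
    print("vulnerable:", get_user_vulnerable({"browser_id": "1002"}))
    log = []
    for bid in (1001, 1002, 1003, 1004):
        print(handle_request("sess-asha", {"browser_id": str(bid)}, log))
    print("flagged sessions:", flag_enumeration(log))
```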

You can also check the Proof of concept Video:


China blamed for security breach at OPM affecting current and former federal employees

The computer system of the United States Office of Personnel Management (OPM) was hacked by Chinese hackers. OPM will send notifications to approximately 4 million individuals whose personal data, including personally identifiable information (PII), may have been compromised.

OPM detected a cyber-intrusion affecting its information technology (IT) systems and data in April 2015; the intrusion was detected as a result of the tougher security controls OPM had put in place.

The U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) are investigating the full impact on federal personnel.

After the intrusion, OPM added further network security precautions. These include: restricting remote access for network administrators and restricting network administration functions performed remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect against and prevent the deployment or execution of tools that could compromise the network.

OPM is offering credit monitoring, identity theft insurance and recovery services to potentially affected individuals through CSID®, a company that specializes in these services.

“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”

This hack was the second major intrusion attributed to China in less than a year, and the largest breach of federal employee data in recent years.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”