UNM4SK3D: Yahoo, IBM, and Twitter


Published: March 17, 2017 | By: Olivia | Views: 1119

#indictments

In the ongoing saga over Yahoo’s security breaches, one of which affected over 500 million users, a grand jury has indicted four defendants on charges of computer hacking, economic espionage and other criminal offenses in connection with a conspiracy. 

But that’s not even the most intriguing part. Of the four, Dmitry Aleksandrovich Dokuchaev, Igor Anatolyevich Sushchin, Alexsey Alexseyevich Belan, and Karim Akehmet Tokbergenov (try saying those names 5 times fast), two are officers of the Russian Federal Security Service (FSB). The indictment alleges the FSB officers Dokuchaev and Sushchin “protected, directed, facilitated and paid” hackers Belan, a Russian national and U.S. resident, and Baratov, a resident of Canada, to access Yahoo’s systems to steal the user account information.

According to the prosecutors, the hackers allegedly used the stolen information to access the contents of accounts on other email providers, like Google. These accounts belonged to everyone from Russian journalists and U.S. and Russian government officials to private-sector employees of financial, transportation and other companies. Belan also exploited access to Yahoo’s network to facilitate a spam campaign for his personal financial gain. He was able to do so by “searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts.”

The FBI and the US Department of Justice worked with Yahoo and Google on the investigation to discover who was allegedly responsible, an investigation they consider successful. Regardless of the outcome of this case, it raises a few points to consider. First, cyber security shortcomings at Yahoo were systemic, and Yahoo is most likely not the only enterprise that does not take threat reports seriously. Likewise, the case highlights an increasing entanglement between nation-state actors and private companies, a tangled mess which has only gotten more tangled.

Today we continue to pierce the veil of anonymity surrounding cyber crimes. We are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests. – James Comey, FBI Director

If you want answers to questions like: What are the laws governing cybercrime, and more importantly, what are the penalties and how often have they been imposed? Read ‘Cybercrime and Punishment: Who’s Actually Paying the Price?’

#datastorage

Are you the kind of person always losing things? IBM may just have discovered the ideal data storage for you. Imagine storage being a part of your DNA. Researchers took a big step towards improving computing technology by figuring out a way to store data on a single atom.

The first question that comes to mind is whether or not you could charge rent for storing someone else’s data. All joking aside, this could be an excellent solution to a major problem. “Currently, hard drives use about 100,000 atoms to store a single bit of information — a 1 or 0 — using traditional methods. So, this breakthrough could allow people to store 1,000 times more information in the same amount of space in the future applications.” And the kind of data that has been stored on a strand of DNA as of Wednesday is pretty expansive, at least if you’re a millennial. The digital data successfully stored includes an entire operating system, a movie, an Amazon gift card, a study and a computer virus.

If you’ve got questions as to how this is even possible, well, you’re not alone. Essentially, IBM researchers developed the world’s smallest magnet using a single atom and they packed it with one bit of digital data. Their experiment builds on a strong foundation of nanotechnology research at the company, replicating the process of writing binary data (1s and 0s) to a traditional magnetic hard drive using the rare earth element holmium, magnesium oxide, and a very accurate needle. Future applications of nanostructures built with control over every atom could someday make data centers, computers, and other personal devices smaller and much more powerful.

We conducted this research to understand what happens when you shrink technology down to the most fundamental extreme—the atomic scale. -Christopher Lutz, IBM nanoscience researcher

If you’re planning on sticking to more ‘traditional’ storage devices at this point, watch the ‘Install and Configure Storage’ video to learn what a storage device is and how storage devices are used, and to examine the specs of each type.

#hacked

The report of the latest Twitter security incident doesn’t have to do with Donald Trump, but it is concerning nonetheless. Thousands of Twitter accounts were compromised early on March 15th and spread a disturbing spam message written in Turkish comparing the Dutch to the Nazis, with swastikas and a “#NaziHollanda” or “#Nazialmanya” (Nazi Germany) hashtag.

The accounts involved ranged from media outlets to celebrities, including the European Parliament, Forbes, Amnesty International, UNICEF, Nike Spain and numerous others. One of the most worrisome and probably the most widely reported of those accounts was Starbucks Argentina, which continued to display the Turkish flag long after many other companies had repaired the damage. In some cases, accounts’ profile pictures were changed to an image of the Turkish flag and Ottoman Empire coat of arms. Others linked to a YouTube video talking up Recep Erdoğan, the current President of Turkey.

Recent reports say this inappropriate Twitter activity is the result of a vulnerability in a third-party app called Twitter Counter. Twitter Counter is a social media analytics service that helps Twitter users track their stats and also offers a variety of widgets and buttons. Legitimate third-party Twitter apps don’t actually store, or even know, your password, so they can’t take over your account entirely, but when you activate these services, they’re issued a security token nonetheless to perform certain actions on your account. The problem arises because services that you have authorized to access your account at any time in the past can continue to do so, even after you log off from Twitter in your own browser or log out via the Twitter software on your mobile phone. It’s best to revoke permission for Twitter Counter, if you use it.

We’re aware that our service was hacked and have started an investigation into the matter. We’ve already taken measures to contain such abuse. -Twitter Counter rep

Concerned about your Twitter account? Read ‘Social Media Risks and Controls.’

#factbyte

According to CIO Dive, people have as little as a 1 in 9.2 quintillion chance of correctly picking all winning teams during the NCAA Division I basketball tournament.

#certspotlight

Typically, technical project managers assess technical risks, assist with technical problem solving, and cut through the layers of any given project to determine what the core needs and issues are. 

The Technical Project Management Micro Certification is for technicians who would like to take the next step and cross the border into management. Though a difficult transition, progressing through the skill course and successfully passing the Technical Project Management Certification exam shows that you have both the technical proficiency and management skills to successfully lead technical projects by utilizing well-known tools, techniques, and methodologies.

In this Micro Certification course, professionals become familiarized with all stages of project management including initiating, planning, execution, and monitoring/controlling in the context of IT projects.

Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
