Massive Internet Outage Appears Resolved

Last week, a cyberattack on internet service and DNS management company Dyn made inaccessible several highly trafficked websites including Twitter, PayPal, GitHub, Netflix, The New York Times, Vox Media, and more.

Dyn was hit with a DDoS attack—Distributed Denial of Service. With DDoS attacks, computers, sometimes millions of them, pummel a website or server with immense amounts of data traffic simultaneously, which overloads the target system and causes disruption and outages.

After a series of attacks, Dyn said in a statement on its website that the issue has been resolved: “While there was a third attack attempted, we were able to successfully mitigate it without customer impact.”

In this attack, tens of millions of internet-connected devices flooded Dyn’s network. These are devices owned by everyday people. The devices were infected with malware known as the Mirai botnet.

Cybersecurity researchers discovered that the Mirai botnet mostly infects internet-connected security cameras, DVRs, and routers. Mirai-infected devices have been found in over 160 countries.

How does Mirai infect a home user’s Wi-Fi router or DVR? By using brute force to guess the management password of these devices. By using weak passwords or leaving the default password intact after purchase, customers place their devices at risk for infection.

Interestingly, computer security company Incapsula discovered that the makers of the Mirai botnet deliberately programmed the malware not to infect specific devices. These spared devices belong to the US Postal Service, the Department of Defense, the Internet Assigned Numbers Authority (IANA) and IP ranges belonging to Hewlett-Packard and General Electric.

The sophistication of the malware and the enormity of the attack have prompted the Department of Homeland Security and the FBI to initiate an investigation. According to a statement released by Dyn, the company is cooperating with authorities:

Dyn is collaborating with the law enforcement community, other service providers, and members of the internet community who have helped and offered to help. The number and type of attacks, the duration, the scale, and the complexity of these attacks are all on the rise. As a company, we have for years worked closely with the internet community to assist when others encountered attacks like these and will continue to do so.

BE Smart Hackers Visit Silicon Valley Corporate Sites

On Day 2 of the BE Smart Hackathon, sponsored by Toyota, all 10 student teams visited the Silicon Valley sites of two of the Black Enterprise TechConneXt Summit corporate sponsors: the AT&T Foundry and LinkedIn.

AT&T Foundry

The AT&T Foundry outdid itself again this year. Separating the students into three groups of roughly 15, each group engaged in an activity with the AT&T Foundry staff.

The first activity required the group of 15 to break into three teams. Each team had to tape strands of spaghetti together out from the edge of a table; the team that constructed the longest strand without its touching the floor would win.

Each team approached the challenge differently. Reflection was also part of the activity, as was learning from what other teams had done. One team’s spaghetti strand reached a length of 7 inches without touching the floor!

Tarren Corbett-Drummond, the Foundry’s senior product marketing innovation manager, said that of other groups that have performed this challenge, kindergartners did better than many adults. She also said that engineers and architects did best.

A provocative second activity, developed by the Foundry’s data scientists, involved machine learning and how constructing machine learning models requires knowing some of the answers already. Reinforcement learning can be used when you don’t know the answer.

LinkedIn

At LinkedIn the students learned how to optimize their LinkedIn profiles. Emily Gause, a Howard alum who works at LinkedIn, provided great tips, including the following:

  • Don’t just “mass add” to your network. Add people strategically—those you can help professionally or who can help you.
  • LinkedIn isn’t Facebook. Make sure whatever you share on LinkedIn represents you as a professional.
  • Include a photo on your profile.
  • Use an attention-grabbing headline, not just “student at XYZ College.”
  • Write a compelling summary. This is the place where you can sell yourself. Be specific. Don’t be shy.
  • If you have another site where you blog or where you’ve already developed a following, link to that site from your LinkedIn profile (as long as it’s professionally appropriate).
  • Add to your profile volunteer experiences and causes you care about; 41% of hiring managers consider volunteer work to be as important as professional experience, according to LinkedIn.
  • Join LinkedIn groups.

Gause also suggested having a few people review your profile. The career services people I’ve interviewed all said they regularly helped students (and sometimes graduates) develop their LinkedIn profile.

Gause also said that even “locked” profiles aren’t off-limits to recruiters. Using a recruiter tool, recruiters can view private profiles—so be sure to keep yours professional.

For more about the BE Smart Hackathon, visit the Black Enterprise TechConneXt Summit website.

[TechConneXt Summit] Meet the Hackers

If you’ve been in tune with all things Black Enterprise TechConneXt Summit, happening now in Silicon Valley, then you’re well aware of the 20 ambitious students from Morgan State University, Howard University, Spelman College, Southern University, and Johnson C. Smith, hacking their way into notoriety with the BE SMART Hackathon.

Four students from each school are currently taking on the challenge of developing an app that will enable individuals to create budgets, manage expenses, review credit history, track spending, and develop savings and investment plans; all from their electronic devices. Each team’s app will be judged based on the utility to individual users and viability of the app. May the best team win.

Let’s meet the team members:

Morgan State University

Benjamin Hall (Team Lead) – Senior
Major: Computer Science
Minor: Mathematics

Khir Henderson – Senior
Major: Electrical Engineering
Minor: Computer Engineering

Kevin Proctor – Senior
Major: Electrical Engineering
Minor: Mathematics

Jaleel Wright-Walker – Senior
Major: Electrical Engineering
Minor: Cybersecurity

Howard University

Victor Foreman (Team Lead) – Senior
Major: Computer Science

Errol Grannum – Junior
Major: Computer Science

Barry Harris, Jr. – Junior
Major: Computer Science

Remington Holt – Senior
Major: Computer Science

Johnson C. Smith University

Michael Gibbs (Team Lead) – Senior
Major: Computer Science and Information Systems

Allen Johnson – Senior
Major: Computer Science and Information Systems

Lewis Lawrence – Senior
Major: Computer Engineering

Kimberly McFadden – Senior
Major: Information Systems Engineering

Southern University

Egbeyong Tanjong (Team Lead) – Senior
Major: Computer Science

Morgan Brenton – Senior
Major: Computer Science

Jonathan Charles – Senior
Major: Computer Science
Minor: Math

Alanie Fernandez – Senior
Major: Computer Science

Spelman College

Brygette Bagley (Team Lead) – Junior
Major: Computer Science
Minor: Math

Mya Havard – Junior
Major: Math
Minor: Computer Science

Osariemem Odemwingie – Junior
Major: Computer Science
Minor: Math

Elizabeth Sengoba – Junior
Major: Computer Science
Minor: Math

Watch these students hack their way to success via livestream at http://www.blackenterprise.com/events/techconnext/livestream-schedule/. To closely follow all TechConneXt activities, be sure to check out Black Enterprise via social media @BlackEnterprise and search #TECHCNXT for updates, highlights, attendee uploads and information.

[Recap] White House Hosts Youth Leadership Hackathon

Recently, the White House Council on Women & Girls and the Department of Education welcomed 80 youth leaders and staff from around the U.S. to the White House for an open discussion on leadership development and policy. As the young trailblazers shared their perspectives and possible solutions for a number of issues affecting our nation, including the School-to-Prison pipeline, STEM diversity, and sexual assault, they set the Twittersphere on fire with the hashtag #WHYouthLead.

Federal Employees May Be At Risk For Identity Theft

The Social Security numbers of every current, former and retired federal employee were allegedly hacked, asserts the American Federation of Government Employees (AFGE) in regard to a December data breach of the Office of Personnel Management (OPM). The breach was possibly carried out by the Chinese government.

This accusation was made by AFGE president J. David Cox to OPM director Katherine Archuletta in a strongly worded letter obtained by The Associated Press.

“We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” Cox said in the letter. He called the occurrence “an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”

On Monday, the OPM released a statement explaining that in April 2015, the agency became aware of an incident affecting its information technology systems that may have compromised the personal information of current and former Federal employees. For security reasons, the OPM says it will not discuss the specifics of what types of data were targeted in the breach. Why the extent of damage from this particular infiltration was not made public sooner has not been addressed by Archuletta or The White House.

The AFGE believes that the OPM’s central personnel data file, which contains up to 780 separate pieces of information about an employee, was the target of the theft. This file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs. It includes data about military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information; along with age, gender and race data, explains Cox. This will significantly affect blacks working in Federal government as more than 17% of the federal workforce is African American.

Though OPM denies this, data containing background investigations of employees and contractors applying for security clearances may have also been targeted.

Since the incident was identified, OPM claims that it immediately implemented additional security measures to protect the sensitive information it manages. OPM also partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team, and the Federal Bureau of Investigation to determine the impact to Federal personnel.

Beginning June 8, the agency started sending emails and letters via the U.S. Postal Service to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident. The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those employees impacted by the data breach. Notifications will end June 19.

Additionally, OPM is offering affected individuals a free, 18-month membership with CSID, a company that specializes in identity theft protection and fraud resolution in order to mitigate the risk of fraud and identity theft.

The comprehensive service includes immediate credit report access, credit monitoring, identity theft insurance and recovery services.

Visit the company’s website, www.csid.com/opm or call toll-free 844-777-2743 (International callers: call collect 512-327-0705) for more information.

Google: Email Password Recovery Questions May Not Be Secure

If you’ve ever registered for an email account on the likes of Gmail, Hotmail, Yahoo or AOL, you’ve probably been asked to select answers to some security questions. But those email password recovery questions might not be secure enough to keep hackers out, and yet might be too hard for you to remember.

According to a recent research report from Google, questions asked—such as “What is your favorite food?” “What is the name of your first pet?” and “What is your mother’s maiden name?”—were tricky enough to keep 40% of users who went through the password-recovery process out because they couldn’t remember the answers they chose.

Part of this has to do with users picking answers that don’t match the question, such as using a telephone number when the question asks for a frequent flier number, according to TechCrunch.

Google’s report comes from numbers from millions of data-recovery attempts conducted through its Gmail service.

Also discouraging, according to TechCrunch, is how easy it was for hackers to obtain some information about users’ accounts. For example, it says, hackers were often able to guess that an English-speaking user’s favorite food was pizza, which is apparently the answer to that question used by some 20% of Google’s account holders. And, when looking at Spanish-speakers, the study found that with 10 guesses, hackers had a 21% chance of figuring out a user’s father’s middle name. Countries with populations living in a few large cities were likely to have easier-to-hack accounts when the security question involved asking where the authorized user was born.

There are some alternatives to passwords, but rarely is that the case for an email account, so that text has to be kept safe. But Google’s study encouraged the use of SMS password recovery, in which users would have their recovery code sent in the form of a text to their mobile phone. Provided a thief doesn’t also have your Android or iPhone, it could be yet another option to keeping your digital presence under lock and key.

FBI: Hacker Took Over Plane, Made It Fly Sideways

The FBI says a computer expert briefly hacked into a plane’s in-flight entertainment and caused it to fly sideways.

According to NBC News, Chris Roberts—CTO and founder of One World Labs—allegedly told FBI agents that he connected his computer to the plane’s in-flight entertainment system and overwrote code to take control of the thrust management system, according to a search warrant that was filed last month in a Syracuse, N.Y., federal court.

“[Roberts] stated that he successfully commanded the system he had accessed to issue the ‘CLB’ or climb command,” FBI Special Agent Mark Hurley wrote in the warrant application, according to NBC News. “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights.”

USA Today notes that Roberts made news in April, when he was told he couldn’t fly United Airlines because of a tweet he posted about whether or not he could hack the flight’s onboard computer settings. According to the paper, he allegedly told the FBI that he had hacked into planes “15 to 20 times” between 2011 and 2014, though the exact date of the flying-sideways incident has not been revealed.

And senior law enforcement officials have said there was no evidence that confirmed Roberts had been able to carry out his detailed, step-by-step process to access the plane’s computer through its in-flight entertainment system, according to USA Today. The official was not authorized to speak publicly.

“While we will not comment on specific allegations, there is no credible information to suggest an airplane’s flight control system can be accessed or manipulated from its in flight entertainment system. Nevertheless, attempting to tamper with the flight control systems of aircraft is illegal and any such attempts will be taken seriously by law enforcement,” said the official, who was not authorized to speak on the matter.

Far from being the first incident aboard a plane, it is one that might add to already existing discomfort or fear for some passengers, and it helps explain why some airlines are encouraging website hacks, though plane hacks don’t appear to be happening anytime soon.

[REPORT] Cybercrime to Cost Business $2 Trillion in 2019

A new study projects that cybercrime breaches will cost businesses more than $2 trillion by 2019—almost four times the amount expected to be lost in 2015.

The new global figures from Juniper Research were revealed in a startling new report entitled The Future of Cybercrime & Security: Financial and Corporate Threats and Mitigation.

The ongoing digitization of consumers’ lives and companies’ records is partially to blame, the report says. But most of the blame for the $2.1 trillion spent on recovering from cyber-attacks is placed on hackers, who, Juniper Research says, have become increasingly professional.

“Currently, we aren’t seeing much dangerous mobile or IoT (Internet of Things) malware because it’s not profitable,” said the study’s author James Moar, with the report noting growth in mobile and IoT cyber-attacks, but at a much slower and less effective rate than traditional cybercrimes.

“The kind of threats we will see on these devices will be either ransomware, with consumers’ devices locked down until they pay the hackers to use their devices, or as part of botnets, where processing power is harnessed as part of a more lucrative hack. With the absence of a direct payout from IoT hacks, there is little motive for criminals to develop the required tools,” Moar adds.

The study also says that the number of hack attacks may go down in the future, but that they will be carried out more efficiently, making them a bigger threat to businesses and individuals.

Another finding in the report: nearly 60% of anticipated data breaches worldwide in 2015 will occur in North America, but those figures will decrease as other nations become richer and more digitized.

The report also found that the average cost of a data breach in 2020 will exceed $150 million as more business infrastructure gets connected and is targeted.

Nearly one in five small businesses is already at risk for being hit by cybercrime and even President Obama has been a victim of these sophisticated online attacks. This news adds to the financial concern already felt by said businesses and further demonstrates the need for entrepreneurs to make sure their online assets are safe.

Hack Lets Facebook Pages Become Small Business Websites

Earlier this year, Facebook made a case to media organizations to host their content on the social media site rather than requiring users to go to an outside link to read shared stories.

Now, a new hack may allow small business owners to use their Facebook profile as their homepage on the World Wide Web.

According to TechCrunch, Pager—a hack that was produced and introduced during the Disrupt NY 2015 event being held in New York City—could make it easier for those more familiar with the functions of Facebook than, say, WordPress, to maintain sites for their small businesses.

“The team has already worked for restaurant owners, doing freelance work and teaching them how to update their WordPress websites—in many ways, it’s too complicated and cumbersome for these busy people,” TechCrunch writes. “And yet, I’m sure your favorite bar has a successful Facebook page, and its staff is posting pictures, events and wall posts all the time.”

A good point and, according to the website, the set-up process is easy, and users are able to manage About, News, Events and Galleries sections. About should focus on contact details and hours of operation, while News displays wall posts, Events is designed for promotions and forthcoming activities, and Galleries highlight pictures taken at the establishment or show the business in action.

There are still a few glitches, according to TechCrunch, but the makers of the hack could possibly continue to work on implementing fixes that could make it more user-friendly.

There’s no word of when or if the app will be officially integrated into Facebook (this hack was created using the open Facebook application programming interface, or API), but those looking to get into the game early can learn more about and download Pager here.

As the importance of social media in marketing becomes more clear, and as Facebook finds use as an email service, it seems inevitable that the site has the potential to be much more for its 1.4 billion users than just serving as a work-time distraction.