Analecta Cyber Company Blog: October 2015


Experian says 15M had data stolen in hack of T-Mobile

One of the latest high-profile breaches involves mobile phone carrier T-Mobile. Hackers were able to obtain the personal information for approximately 15 million T-Mobile customers, including Social Security numbers, home addresses and birth dates.


Police Ask for Help in Identifying Credit Card Fraud Suspect

Montgomery County Police are asking for help to identify a man they say stole a credit card from a woman at the Germantown Wegmans store.

Police say the man then used the credit card at several shops in Germantown, spending about $3,000.

Anyone with information is asked to call Crime Solvers at 1-855-411-TIPS.!Police-Ask-for-Help-in-Identifying-Credit-Card-Fraud-Suspect/cjds/56254b2e0cf2c3576e671407

Seeking full-time cleared forensic analysts who love teaching

We're looking for full-time employees to join our small company to impact more than 11,000 students every day! If you have a strong background in digital forensics or cyber security and have been looking for an opportunity to make life-long impacts on this community then this is the team you've been looking for.


Bad apps: Hackers target Android phones

According to a recent report in a local newspaper in Washington, Chinese hackers have been able to infiltrate Android smartphones all over the world. The information comes just over a month after the discovery of compromised jailbroken iPhones also linked to Chinese hackers.


Detective Lewis has a challenging case, can anyone help him out?! We know you can!

The Anne Arundel County Police Department has gone to Facebook asking for help identifying a suspect. A man shown in a photo posted online allegedly used a stolen credit card in Glen Burnie. He made several purchases at a local shop. He was wearing a blue T-shirt, track suit and a big hat. Anyone with information on the suspect should call Detective Lewis or somebody else with the Eastern District Detective Division.


Detective Lemaster of the Eastern District needs your help identifying this suspect!

The Anne Arundel County Police Department went to Facebook seeking help identifying a suspect. The department posted three photos of a woman they say used a stolen credit card at several retails stores in Maryland. She was wearing a yellow T-shirt and brown glasses. The alleged thefts happened on September 17, 2015. Anyone with information is asked to call Detective Lemaster.

Critical Netgear Router Exploit allows anyone to Hack You Remotely

Some 11,000 Netgear routers are believed to be the victims of DNS Monitoring. Joe Giron, a security researcher, discovered a security vulnerability in Netgear routers that hackers are taking advantage of by changing the DNS settings on devices. The DNS settings on the researcher's device were changed to a suspect IP address.


CENTCOM Twitter, YouTube hack traced to Maryland, home of the NSA

Hackers managed to access the Twitter and YouTube accounts United States Central Command’s, or CENTCOM, uses for its forces in the Middle East.


Car Hacking Gets the Attention of Senators

With the ongoing quick evolution of technology it is not unusual to hear about new things being hacked. In just the past couple of years, a pair of researchers discovered a way to remotely compromise the internal system of a car. They were able to stop the car’s transmission and control the steering as well as its braking system. This “hacking” was part of the research conducted by Charlie Miller and Chris Valasek, who  have been working for several years on car security projects. As part of their accomplishments, they discovered vulnerabilities and attack methods in other vehicles. Their work was part of a project sponsored by DARPA (part of the Cyber Fast Track program).


FBI, hackers bust bank-robbing botnet

A television station based in Salisbury, Maryland has reported a massive hacking operation involving computers from all over the world. American and British police working in collaboration with each other have managed to stop the hack, which was able to steal at least $10 million from the United States alone.


The Big One: Why Hotels Are Such a Hit for Hackers

Hilton Hotels, a worldwide resort and hotel franchise, based in McLean, Virginia, may have been a victim of a large-scale financial data breach. The hotel chain is investigating a series of ongoing credit card fraud incidents which may suggest that it was indeed a victim of cyber criminals. This report of hotel breach adds to an increasingly long list of hacking events connected to businesses where customers regularly spend large amounts of money.


Startup Maryland’s Website Hacked

Midway through its second quarter, the website for Startup Maryland was hacked and replaced with a message seemingly meant to encourage people to take up Islam.


Hackers Can Disable a Sniper Rifle—Or Change Its Target

It seems that these days everything with a computer system can be hacked. Now even a sniper rifle has been added to the long list. An auto-aiming rifle developed by TrackingPoint has a built-in networked tracking scope and upgradeable software. The company has sold more than a thousand of these high-end, Linux-powered rifles with a self-aiming system. This system helps a novice shooter turn into a world-class marksman hitting targets as far as a mile away. But this technology also lead hackers to compromise the rifle itself and exploit vulnerabilities found in its software.


Experts: Most big law firms have been hacked

At a time when high-profile data breaches are hitting various retailers, banks, health insurance companies and even government agencies, experts say hackers are also quietly going after most big law firms.


Local Maryland ABC station's phone system hacked

Hackers were able to access channel 47 ABC's phone system. The company, based in Salisbury, Maryland, was hacked during its celebration of the Fourth of July. According to an interview with the president of Maloney Telecom Inc., a wave of phone hacking has happened particularly to hotels and larger businesses. He added that hackers appear to target the phone's voice server to somehow get access to their target's voice mail systems which are usually interconnected. He added that, if the system was left unprotected by passwords, their server can be accessed remotely and could be hacked.

This means that the phone system only served as a transition point to the cyber criminal’s main objective. This allows them to make outgoing calls, often internationally. Hackers go through this process so they won’t be paying long distance charges specially when calling their family and friends abroad. In some cases, they utilize it to do business abroad linked with another scam in which they make money by selling calling services to other international hackers.

Woman Suspected of Using Stolen Credit Card in Odenton

The Anne Arundel County Police Department is seeking information about a women who used a stolen credit card in the Odenton area.

The suspect tried use the card at many shops before it was declined in Parkville.

The department has shared a picture of the woman through Facebook. Anyone with information is asked to call Det. Pamer in the Western District Detective Unit.


Man used stolen credit cards at Glen Burnie Walgreens

The Anne Arundel County Police Department is asking for information that can help it track down a man they say used a stolen credit card at a Maryland drug store.

The man used the stolen credit card to buy gift cards at the Walgreens in Glen Burnie, police said. A photo taken from surveillance camera footage and released by police shows a black man wearing a black t-shirt, black trousers and a black and white baseball cap.

Anyone with additional information is encouraged to call Detective A.D. Lewis with the Anne Arundel County Police Department Eastern Division Detective Unit.


Which states are the most vulnerable for identity theft and credit card fraud?

In 2014, there were 332,646 identities stolen in U.S. The most common kind of identity theft came from government documents such passports, driving licenses and Social Security cards.
Florida had the highest rate of identity theft per capita of any state, with 186 cases for every 100,000 residents. Following Florida was Washington state, Washington DC, Oregon and Missouri. South Dakota, Hawaii and North Dakota saw the lowest rates. Florida also leads the nation in terms of credit card fraud.

About 9 percent of credit card fraud complaints filed by consumers were closed before any relief came from credit card companies.


Russian hackers break into Pentagon's network

The U.S. government remained one of the main targets of international cyber attacks. Early this year, a network at the Pentagon was hacked by what officials believed to be Russian hackers. Pentagon officials discovered the hack when sensors guarding the Department of Defense’s unclassified networks was triggered by a hack appearing to originate in Russia.


AT&T says malware secretly unlocked hundreds of thousands of phones

AT&T Inc., a multinational telecommunications corporation and one of the largest provider of mobile and fixed telephones in the United States, has filed suit against former employees the company alleges received sums of $10,500 and at least $20,000 to secretly install malware on company computers.

According to the lawsuit, the malware would run invisibly after it has been downloaded by the employee, who would then be paid $2,000 every two weeks. The malware was purportedly used to unlock hundreds of thousands of AT&T smartphones without permission.


Apple's iOS App Store suffers first major attack

Apple Inc., is a multinational technology company that designs, develops, and sells consumer electronics, computer software, and online services. As part of their services, the company had been implementing a rigorous review process on apps before they became available on its App Store. A cyber security firm even cited that just a total of five malicious apps had ever been found in the App Store.


Symantec subsidiary Thawte caught issuing rogue Google certificates

Thawte, a subsidiary certificate authority of Symantec, accidentally issued a small number of security certificates for three domains (including and which were only intended for internal product testing. Having this certificate indicates security over a computer network. Therefore, certificate authorities should exercise the utmost caution before issuing them. A rogue certificate, like the ones released by Thawte, allows someone to intercept communications between you and your bank, email provider, or employer without detection.