This Week: Olympic Security, Russian Databases, and Google tries YOLO

Next: The Security Industry Mindset: Black Hat 2015 vs....
Previous: This Week: Brazilian Banks Still Hit Hard, Gun...
As any good goalie knows, you can’t block everything.
Writer Emily W.
August 12, 2016

Emily serves as the Director of Analysis at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy, while crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

In Rio, the opening ceremonies last Friday were the start of the 2016 games, and the beginning of increased security concerns for visitors in Brazil. As expected, hackers took advantage of the Olympic press to DDoS and leak information from the Brazilian government – all amidst media reports warning users to avoid local wifi networks. The bustle of visitors to Brazil makes this an ideal time for local criminals to exploit networks and payment card systems alike; we expect to see an uptick in available cards for purchase as the Games wrap up.

Meanwhile, in the political world, Russia is planning a centralized database that could make their citizens’ PII a quick and easy target – all under the guise of streamlined information sharing. The United States continues to tackle PII security in the wake of the election cycle breaches, and Google tries its hand at YOLO.

Rio Olympics: Zika Isn’t The Only Concern

8/8 Visitors at the Rio Olympics are being advised not to drink the water, and not to turn on their Wifi. Reports from security firms who have been analyzing wifi hotspots in the area say that hackers aren’t using any special tricks, they’re simply setting up malicious hot spots, and people are connecting to them.

8/8 Anonymous is taking action against the Brazilian government by targeting key government sites with DDoS attacks. The targeted sites include the official Brazilian government site for the 2016 games (brasil2016.gov.br), the Portal of the State Government of Rio de Janeiro (rj.gov.br), the Ministry of Sports (esporte.gov.br), the Brazil Olympic Committee COB (cob.org.br) and the official website of the Rio 2016 Olympics (rio2016.com).

8/5 Meanwhile, a Zeus Trojan variant called Panda is now targeting banking and payment industries in Brazil. With the Olympics underway, the influx of people (and their unusual spending patterns) an attack of this sort is unsurprising. Since Panda is typically a trojan seen in Russia, some are speculating about possible connections between Eastern European and Brazilian hackers. Whether Eastern European hackers are working in coordination with Brazilians or simply having a field day with an easy target remains to be seen.

Meanwhile:

8/10 The Russian Government has recently announced a plan to create a database with the personal information of all Russian citizens. The database will include a full range of PII for every citizen, including names, place of birth, passport numbers, driver’s license numbers, and other personal details. The database will include both living and deceased Russians, along with foreigners permanently residing in the country. The question is, how long until someone tries to claim this database as their latest trophy?

8/5 In the run-up to the 2016 presidential election, DHS Secretary Jeh Johnson said his department is considering classifying electronic polling stations across the country as “critical infrastructure.” This would entitle them to the same information security resources as the nation’s power grid and financial sector. The nation’s election infrastructure – and its security– has not undergone significant changes since 2002. The security of voting systems has come to the forefront of cybersecurity discussions in the wake of recent political breaches.

One More Thing:

8/9 Google is creating an API for fast logins called YOLO (You Only Login Once). This API is designed to streamline password management. Google is aiming for universal adoption of their YOLO technology going forward, but the initial API will focus on Android devices.

RELATED ARTICLES
analysis October 08, 2018
The Nine Lives of a Stolen Payment Card

For financial institutions, simply cancelling and issuing a new card will only prevent fraudulent charges on that specific payment card—a canceled card does nothing to stop future fraudulent activity stemming from other compromised cardholder...

analysis October 02, 2018
The Truth About Dark Web Pricing

Asking how much data costs on the dark web is a good question, but the line of inquiry should not end there. In our research of the dark web, Terbium Labs not only examines...