In Rio, the opening ceremonies last Friday were the start of the 2016 games, and the beginning of increased security concerns for visitors in Brazil. As expected, hackers took advantage of the Olympic press to DDoS and leak information from the Brazilian government – all amidst media reports warning users to avoid local wifi networks. The bustle of visitors to Brazil makes this an ideal time for local criminals to exploit networks and payment card systems alike; we expect to see an uptick in available cards for purchase as the Games wrap up.
Meanwhile, in the political world, Russia is planning a centralized database that could make their citizens’ PII a quick and easy target – all under the guise of streamlined information sharing. The United States continues to tackle PII security in the wake of the election cycle breaches, and Google tries its hand at YOLO.
Rio Olympics: Zika Isn’t The Only Concern
8/8 Visitors at the Rio Olympics are being advised not to drink the water, and not to turn on their Wifi. Reports from security firms who have been analyzing wifi hotspots in the area say that hackers aren’t using any special tricks, they’re simply setting up malicious hot spots, and people are connecting to them.
8/8 Anonymous is taking action against the Brazilian government by targeting key government sites with DDoS attacks. The targeted sites include the official Brazilian government site for the 2016 games (brasil2016.gov.br), the Portal of the State Government of Rio de Janeiro (rj.gov.br), the Ministry of Sports (esporte.gov.br), the Brazil Olympic Committee COB (cob.org.br) and the official website of the Rio 2016 Olympics (rio2016.com).
8/5 Meanwhile, a Zeus Trojan variant called Panda is now targeting banking and payment industries in Brazil. With the Olympics underway, the influx of people (and their unusual spending patterns) an attack of this sort is unsurprising. Since Panda is typically a trojan seen in Russia, some are speculating about possible connections between Eastern European and Brazilian hackers. Whether Eastern European hackers are working in coordination with Brazilians or simply having a field day with an easy target remains to be seen.
8/10 The Russian Government has recently announced a plan to create a database with the personal information of all Russian citizens. The database will include a full range of PII for every citizen, including names, place of birth, passport numbers, driver’s license numbers, and other personal details. The database will include both living and deceased Russians, along with foreigners permanently residing in the country. The question is, how long until someone tries to claim this database as their latest trophy?
8/5 In the run-up to the 2016 presidential election, DHS Secretary Jeh Johnson said his department is considering classifying electronic polling stations across the country as “critical infrastructure.” This would entitle them to the same information security resources as the nation’s power grid and financial sector. The nation’s election infrastructure – and its security– has not undergone significant changes since 2002. The security of voting systems has come to the forefront of cybersecurity discussions in the wake of recent political breaches.
One More Thing:
8/9 Google is creating an API for fast logins called YOLO (You Only Login Once). This API is designed to streamline password management. Google is aiming for universal adoption of their YOLO technology going forward, but the initial API will focus on Android devices.