These systems are even more vulnerable now because states are rushing to disburse funds to millions of newly unemployed workers and in some cases forgo lengthy reviews that rule out bogus claims.
“There is an urgent need to withdraw money quickly. This makes us an attractive target for fraudsters ”, Suzi LeVine, commissioner of the Washington State Department of Employment Security, who has been hit hard by the crooks, told The Times.
Crimes will come at a cost to states whose resources are already depleted by the pandemic. “It’s a punch,” LeVine said.
Bogus unemployment claims could cost states hundreds of millions of dollars, warns the U.S. Secret Service.
The Secret Service has spotted possibly fraudulent allegations in Washington state, Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island and Wyoming, according to a memo reviewed by The Times. But the fraud could be much larger and the Secret Service is still investigating.
The crooks appear to be part of a well-organized Nigerian fraud ring, indicates the memo.
Unemployment systems rely mainly on easy-to-find information to verify that people are who they say they are.
This makes them particularly vulnerable. In some cases, applicants do not need to provide anything other than their name, social security number and other basic information, Notes from cybersecurity blogger Brian Krebs. This information has likely all been exposed by many past data breaches, and crooks can easily find it for sale in the dark corners of the internet.
The crooks in this case seem to have carried out a particularly professional operation, gathering large amounts of data, known as Personally Identifiable Information, or PII. And they avoided misspellings and other common mistakes that alert officials to fraud.
“It is assumed that the fraud network behind this has a substantial PII database to submit the volume of requests seen so far,” the secret service note said.
The upsurge in fraud during the pandemic makes the cyber defense tasks of state and local governments even more difficult.
Criminal groups have locked down computer systems and detained them for ransom in dozens of cities in recent years, notably in Atlanta and Baltimore.
The federal government has not been of much help. Democrats on the House Homeland Security Committee urged President Nancy Pelosi (D-Calif.) To include $ 400 million to help state and local governments improve their cybersecurity in the next coronavirus stimulus funding round, but the money has not been included in the final bill, which was passed by the House on Friday.
Washington state, which is among the states worst hit by the pandemic, is a major target for unemployment fraud.
The state shut down its entire unemployment system over the weekend after discovering $ 1.6 million in erroneous payments, slowing the processing of an increase in legitimate unemployment claims, Seattle Times reports.
About one in three workers in Washington state filed for unemployment, and the state paid about $ 1.8 billion in claims in April, according to the newspaper. reported.
The crooks have also focused on filing bogus claims for people employed by school districts, universities and city governments.. One of the hardest hit organizations has been Western Washington University, which told the Seattle Times that 410 of its 2,463 staff were the target of fraudulent claims.
The operation also relies on a large number of “money mules” inside the United States, the Secret Service said.
These are the people who accept digital transfers of fraudulent money and then transfer it overseas to scammers, making it harder for law enforcement to keep up.
They are a staple of other Nigeria-based scam operations, which attempt to trick victims into sending money overseas to collect a prize or an inheritance or because they think it does. goes to a false romantic interest living abroad.
Mules sometimes fall victim to such online romance scams and don’t realize that they are committing fraud.
Officials in US states, the UK and Canada clash with Apple and Google over restrictions on companies’ contact tracing technology.
Companies have set tough limits on apps that use their Bluetooth-based system to track contacts of people infected with the coronavirus, including preventing them from also tracking people’s locations or sharing data directly with health agencies. public. But these restrictions threaten to make apps nearly useless for public health officials, Report by Reed Albergotti and Drew Harwell.
Apple and Google, meanwhile, say the restrictions are vital for protecting privacy. “Businesses are also concerned that easing restrictions on the use of Bluetooth by apps will drain the phone’s battery life, which could irritate customers,” Reed and Drew report.
The companies’ explanation angered public health officials who noted that large tech companies have long benefited from collecting large amounts of personal information.
“If it is between Google and Apple that have the data, I would much prefer that my doctor and the public health authorities have the data on my state of health.», Helen Nissenbaum, professor of information sciences and director of Digital Life Initiative at Cornell University said.
Germany, Italy and Ireland have switched in recent weeks to a system compatible with enterprise technology. Even the best tech watchdog in the European Union, Margrethe Vestager, urged members to embrace the business model so that the region can have a common approach that will track contacts between citizens as they cross borders.
The senior counterintelligence official, William Evanina, will take charge of political information campaigns on cybersecurity threats.
The briefings were organized by the FBI and the Department of Homeland Security, Reporting by Alex Marquardt and Zachary Cohen from CNN. The two agencies will still be involved in coordinating and sharing threat intelligence, but with the intelligence community leading the briefings now.
the shake follows growing reports that Russia is trying to interfere in 2020 elections and growing concern among Democrats that the White House is politicizing threat intelligence. Shelby Pierson, senior election security official told lawmakers in February that the Kremlin wanted to see the president reelected – only for the agency to say that Pierson overstated Russia’s preference in a follow-up briefing.
Evanina was confirmed by the Senate as director of the National Counterintelligence and Security Center earlier this month, but has been the centre’s acting director since 2014.
Hackers have targeted supercomputers used for coronavirus research in Switzerland, Germany and the UK.
It is not known if the attacks were related or who was behind them, but the nature of the attack indicates that the hackers may have tried to steal research, William Turton on Bloomberg Reporting. The malware affected the connection systems of computers, which are capable of performing much more complex calculations and at much faster speeds than consumer devices, but not machines or internal computer data.
Affected systems in Switzerland and the UK were still down this weekend for repairs.
The attacks took place the same week as the US government warned against China-based hackers targeting coronavirus research in US labs.
Intel’s final report from the Senate for its three-year investigation into Russia points to a declassification review.
Burr (RN.C.) submitted it to the intelligence community on Friday shortly before temporarily stepping down as committee chair as officials investigate the questionable financial sales he made at the start of the pandemic .
More government cybersecurity news:
Hackers want $ 42 million not to release documents related to President Trump. But there is no proof that they have what they claim.
Trump was never a client of the company, however. The law firm confirmed he was raped and said he worked with law enforcement.
The law firm has leading clients including Bruce Springsteen and Lady Gaga. Hackers released documents they said implicated the company’s work with Lady Gaga last week after refusing to pay the ransom, Rolling Stone Reports.
China’s Commerce Ministry has warned it will retaliate against the recent US ban on Huawei if necessary.
The ministry urged the United States to suspend the ban announced by the Trump administration on Friday on global suppliers of computer chips selling to Huawei and other companies the United States sees as national security risks, Reuters reports. Possible countermeasures could include new restrictions on U.S. companies, including Apple and Qualcomm, Beijing has warned.
More global cybersecurity news:
Online crooks regularly pretend to be someone they are not. But it takes a lot of nerve to pretend to be US Cyber Command Chief General Paul Nakasone and start flirting with people on Facebook Messenger. Jeff Stone from CyberScoop to the story:
“I went google this guy and thought, ‘are you kidding me? “Susan, who asked to be identified only by her first name, told CyberScoop. “And it was very flirtatious, but I’m a married woman.” But Susan and her friend Cindy continued to dig:
The crooks wouldn’t get away with it, however.
- The Center for Strategic and International Studies organize an online event “Who makes cyberspace safe for democracy? »Tuesday at 12:30 pm.
- The Senate trade commission will mark out the CYBER LEAP law at 10 a.m. on Wednesday.
In case you run out of virtual opening speeches to watch, here’s one more from Saturday Night Live: