Hackers Intercept Hotmail of China’s Critics & Dox Minnesota Constituents; US Voter Database Escapes

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches: 

Chinese Government Broke Into Hotmail Accounts of International Critics

Several years ago, after witnessing the email hacks, Hotmail provider Microsoft decided not to tell the victims, allowing Chinese authorities to continue their surveillance campaign, former company employees say.

The hackers at the time were targeting, in particular, international leaders of China’s Tibetan and Uighur minorities.

The first public suspicions about attacks against China’s opponents came in May 2011. That's when security firm Trend Micro announced it had found a malware-laced email sent to someone in Taiwan.

The malicious program took advantage of a previously undetected flaw in Microsoft’s own Webpages and then commanded Microsoft’s free, consumer email services to forward copies of the user’s incoming mail to an account controlled by the attacker.

Former employees say Microsoft found that some interceptions had begun in July 2009.

Microsoft officials did not dispute that most of the attacks came from China, but said some came from elsewhere. They did not give further detail. 

In 2011, Microsoft forced users to pick new passwords without disclosing the reason.

The former employees said it was “likely the hackers by then had footholds in some of the victims' machines and therefore saw those new passwords being entered,” Reuters reports.

It’s unclear what happened to the email users and their correspondents as a result of Microsoft's failure to warn them about suspected government hacking.

Reuters interviewed five of the Hotmail hacking victims identified as part of Microsoft’s investigation. Most of them recalled the password resets, but none viewed the action as an indication anyone had read his or her email, let alone it may have been accessed by the Chinese government.

Minneapolis City Council Member Accused of Doxxing Constituents

City Council Member Alondra Cano, representing the 9th Ward, tweeted unredacted messages she received from residents who disapproved of her involvement with Black Lives Matter.

Cano attended a controversial Dec. 23 protest organized by the group that took place inside an already-crowded gathering place, Mall of America. The mall's management, contending the location is private property, unsuccessfully tried to ban the event.

Cano confronted trouble when she posted screenshots of notes critics emailed her via the city’s public contact forum, which included personal information like their email addresses, home addresses and phone numbers.

Cano has since deleted the tweets.

U.S. Voter Database Mysteriously Appears Online, in the Open

A misconfigured database has provided users of the World Wide Web access to 191 million voter records. White hat hacker Chris Vickery happened upon the leaky system and sent CSO’s Steve Ragan his personal voter record to prove it.

“It was current based on the elections listed," Ragan writes. "My personal information was accurate, too."

Vickery and the parents of Forbes’ Thomas Fox-Brewster also were listed in the dump.

Vickery told Ragan: "I needed to know if this was real, so I quickly located the Texas records and ran a search for my own name. I was outraged at the result. Sitting right in front of my eyes, in a strange, random database I had found on the Internet, were details that could lead anyone straight to me. How could someone with 191 million such records be so careless?"

The database contains a voter's full name, home address, mailing address, a unique voter ID, state voter ID, gender, date of birth, date of registration, phone number, a yes/no field for if the number is on the national do-not-call list, political affiliation, and a detailed voting history since 2000. In addition, the database contains fields for voter prediction scores.

Each state has its own rules for the protection of such data.

No one has claimed ownership of the data or responsibility for the security flub. 

It would appear every registered U.S. voter is included in the leak, Forbes says. 

It could be that a nonhosted NationBuilder customer was responsible for the misconfiguration. The company's CEO Jim Gilliam said “it is possible that some of the information it contains may have come from data we make available for free to campaigns”.

To some, it might not seem alarming that this, largely public, information is in the wild, but campaigns charge thousands of dollars to see it all aggregated in this manner.

“Right now, thanks to someone’s carelessness, it’s free to anyone who can find what Vickery did," Forbes writes. "That means anyone in the world can find out where a person in the US lives and what political beliefs they may have. If they can find the database, scammers and marketing folk alike will likely benefit most."

Robbers Skim Quincy Credit Union ATMs

The financial institution in Quincy, Massachusetts, near Boston, suspended customer ATM cards on Dec. 27 after multiple people reported fraudulent charges.

The credit union notified customers on a Facebook page that same day, saying it was investigating a potential breach.

Hundreds of people were affected. Skimmers are believed to have been placed on the ATMs. It is unclear how much money was taken in total.

CBS found several customers who had anywhere from $500 to $1,200 removed from their accounts by the thieves.

“It was horrible,” said victim Kim Adams who lost $500. “I was working and taking money out to get some gas on the way from work and that’s when I found out so Merry Christmas to me. When I saw New York, I thought maybe my husband bought me a Christmas present maybe from New York but no, it was an ATM withdrawal.”

(Image via PKpix/Shutterstock.com)