In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
A hack by an unknown party caused some listeners of KIFT, a Colorado Top 40 radio station, to hear a sexually explicit podcast about the erotic attraction to furry characters. The unauthorized broadcast April 5 lasted for about 90 minutes, preempting normal fare from the likes of Taylor Swift.
This was not an isolated incident.
On the same day, Livingston, Texas-based country music station KXAX also broadcast raunchy furry-themed audio. The unauthorized broadcasts of a hobbyist group called FurCast reportedly were also aired on an unnamed station in Denver and an unidentified national syndicator.
Jason Mclelland, owner and general manager of the KXAX Radio Group, wrote in an email: "They talked about sex with two guys and a girl in explicit details and rambled on with vulgar language not really having much of a point to the podcast. I'm assuming there was no real reason for this hack."
Mclelland said the hack was carried out by someone who managed to take control of an audio streaming device sold by a company called Barix. It seems the attackers attempted to log in to large numbers of Barix boxes. When successful, the attackers locked out the rightful operators and caused the equipment to play Internet-accessible podcasts by FurCast.
"This appears to have been in the planning stages for some time by the person doing it," an advisory published by the Michigan Association of Broadcasters said of the Barix system hack. "Apparently, they have been accumulating passwords for some time. MAKE SURE that your password is of sufficient strength! Barix Boxes will take up to 24 characters…. In at least two cases, six-character passwords were cracked."
FurCast members were able to stop the attack by changing the Web addresses of the podcasts.
According to KIFT officials, the compromise hit a studio transmitter link used to send audio to a booster antenna and didn't affect broadcasts over the station's main signal.
"Our station was unable to regain control over the STL [studio transmitter link] until the station engineer actually traveled to the remote transmitter site and reprogrammed the system from that location," the station officials wrote.
This is the second suspected credit card breach in less than a year targeting the Trump Hotel Collection — a string of luxury properties connected to GOP presidential candidate Donald Trump.
A representative from Trump Hotels said the organization was probing the claims.
“We are in the midst of a thorough investigation on this matter,” the company said in a statement. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”
Financial sector sources noticed a pattern of fraud on customer cards suggesting that hackers have compromised credit card systems “at some — if not all — of the Trump Hotel Collection properties,” according to Krebs.
On July 1, 2015, banks reportedly believed a breach had occurred at Trump properties and last October the company confirmed its payment systems had been infected with card-stealing malware.
This go round, sources say they noticed a pattern of fraud on customer cards that were used within the past two to three months at hotel locations, including Trump International Hotel New York, Trump Hotel Waikiki in Honolulu and the Trump International Hotel & Tower in Toronto.
An unidentified hacker uploaded to the Web a 1.4 gigabyte compressed file containing the personal identifier numbers and other sensitive data on tens of millions of the country's citizens.
The leak also included a taunt that referenced sloppy data protections and a hardcoded password, which allowed the entire unencrypted database to be pulled from the Turkish government’s servers.
The hacker or hackers behind the breach seem to be American, based on another comment accompanying the leaked data that mentioned presidential candidate Donald Trump: “Lessons for the U.S.? We really shouldn’t elect Trump,” the message reads. “That guy sounds like he knows even less about running a country than Erdogan does.”
Turkey’s government has downplayed the leak, saying the data had actually been first aired in 2010—though critics counter the data wasn’t actually posted online and in a decrypted form until now.
Skeptics of the government's story also say, at the time, a crime ring was selling an even larger version of the database privately, but not dumping it on the Internet.
The new dumped data seems to be from 2008, "but its sheer scale represents a potential privacy nightmare for Turkish citizens: With Turkey’s population numbering around 80 million, the leak covers more than half the country. And even data like addresses and birth dates can serve as a starting point for identity theft in the hands of hackers who manage to cross-reference the breach with other stolen data," Wired reports.
The authenticity of the published data -- names, addresses, parents’ first names, cities of birth, birth dates, and national identifier numbers used by the Turkish government -- was verified by the Associated Press.
The excavation of internal records from a database at the world’s fourth biggest offshore law firm, Mossack Fonseca, reveals how the rich allegedly abuse secret offshore tax regimes. The files were obtained from an anonymous source by the German newspaper Süddeutsche Zeitung, which shared them with the International Consortium of Investigative Journalists. The consortium then shared them with more than 100 international partners, including the Guardian and the BBC.
Twelve national leaders are among 143 politicians, their families and close associates from around the world known to have been using offshore tax havens, though not all are illegal. One $2 billion trail leads to Vladimir Putin.
The leak is one of the biggest ever – larger than the U.S. diplomatic cables released by WikiLeaks in 2010, and the secret intelligence documents given to journalists by Edward Snowden in 2013. There are 11.5 million documents and 2.6 terabytes of information drawn from Mossack Fonseca’s database.