Hackers Spy on UK for ISIS, Eavesdrop on Cal State Sex Assault Class, and Hijack Energy Dept. Systems

SurangaSL/Shutterstock.com

Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

ISIS Breached UK Ministerial Email Accounts

Islamic extremists in Syria hacked into ministerial email accounts during a cyberespionage operation. Junaid Hussain, an ISIS computer hacker from Birmingham killed by U.S. forces in an August drone strike, is believed to have been involved in the computer attack.

In 2012, Hussain was jailed for six months for a hack that compromised Tony Blair’s electronic diary.

The recent cyber threat first emerged in May.

It is unclear what information the extremists were able to access. By hacking into the offices of senior ministers, ISIS could have learned of events that government figures and members of the Royal family were expected to attend.

Insurance Plan Excellus BCBS Announces 19-Month-Old Hack Attack

The Blue Cross Blue Shield company in western New York and its affiliates say the incident might have provided intruders a gander at 10 million personal records.

There is no evidence yet that any information was abused or copied.

The accessed data could include customers' names, birth dates, Social Security numbers, mailing addresses, phone numbers, member identification numbers, financial account information and claims information.

Hackers Entered Energy Department Computers Over 150 Times

Records from a Freedom of Information Act request show 53 of 159 malicious cyberincidents at the agency in recent years were "root compromises," meaning the attackers gained administrative privileges to department systems.

Records show 90 of the intrusions affected the department's Office of Science, which oversees 10 of the nation's federal energy laboratories. The National Nuclear Security Administration, responsible for managing and securing the nation's nuclear weapons stockpile, experienced 19 successful attacks during the four-year period tracked.

An inspector general audit released in October 2014 found 41 Energy servers and 14 workstations "were configured with default or easily guessed passwords."

Breach Exposes Relationship Info on Pupils in Cal State Sexual Harassment Course

A university-hired vendor offering students online sexual-violence prevention courses was hacked.

The noncredit classes are required for all students by state law.

Cal State officials said there was a “vulnerability in the underlying code” at course provider We End Violence.

Information such as passwords used to log into the class, as well as sign-in names, campus-issued email addresses, gender, race, relationship status and sexual identity, was exposed.

City of Boston License Plate Reader Data Accessible to the Public

Up until two weeks ago, if someone saw your sleek ride and wanted to rob your mansion, they could find your parking permit number to obtain your address, according to an investigative reporter.

The system -- publicly viewable with files available for download -- included motor vehicle records that date back to 2012. It is unclear how long the system had been exposed before the reporter noticed the apparent security lapse and contacted officials who own the server.

After being alerted to the data leak, an American Civil Liberties Union employee discovered his own plate number and address in the database, as did other Boston residents who park and drive around the city.

In Boston, a city of approximately 600,000 people, parking enforcers maintained a hot list with 720,000 hits, each of which notes a plate number, location info, and available make and model data. 
