VA Notifies Veterans of Compromised Personal Information

The U.S. Department of Veterans Affairs (VA) Office of Management today announced a data breach involving the personal information of approximately 46,000 Veterans

Hackers attempted to reroute medical payments from the VA, exposing information of 46,000 Veterans

The U.S. Department of Veterans Affairs (VA) Office of Management today announced a data breach involving the personal information of approximately 46,000 Veterans and actions taken by the department to prevent and mitigate any potential harm to those individuals. 

The Financial Services Center (FSC) determined one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the­ medical treatment of Veterans.

The FSC took the application offline and reported the breach to VA’s Privacy Office.

A preliminary review indicates these unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols.

To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology. 

To protect these Veterans, the FSC is alerting the affected individuals, including the next-of-kin of those who are deceased, of the potential risk to their personal information.

The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised. 

Veterans whose information was involved are advised to follow the instructions in the letter to protect their data.

There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident. 

Veterans or Veteran next-of-kin that receive notification their information is potentially at risk from this incident can direct specific questions to the FSC Customer Help Desk to or writing to VA FSC Help Desk, Attn: Customer Engagement Center, .P.O. Box 149971, Austin, TX 78714-9971. 

Blogs to Follow: (September 2020)  VA notifies Veterans of compromised personal information

Trend Micro Research Identifies Critical Industry 4.0 Attack Methods

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today released research describing how advanced hackers could leverage unconventional, new attack vectors to sabotage smart manufacturing environments.

For this report, Trend Micro Research worked with Politecnico di Milano in its Industry 4.0 lab, which houses real manufacturing equipment from industry leaders, to demonstrate how malicious threat actors can exploit existing features and security flaws in Industrial IoT (IIoT) environments for espionage of financial gain.

“Past manufacturing cyber-attacks have used traditional malware that can be stopped by regular network and endpoint protection. However, advanced attackers are likely to develop Operational Technology (OT) specific attacks designed to fly under the radar,” said Bill Malik, vice president of infrastructure strategies for Trend Micro. “As our research shows, there are multiple vectors now exposed to such threats, which could result in major financial and reputational damage for Industry 4.0 businesses. The answer is IIoT-specific security designed to root out sophisticated, targeted threats.”

“Politecnico di Milano is fully committed to supporting Industry 4.0 in addressing crucial aspects related to security and reliability of automated and advanced controls, especially as they gain relevance in all production sectors and increasingly impact business,” said Giacomo Tavola, Contract Professor in Design and Management of Production Systems and Stefano Zanero, Associate professor in Advanced Cybersecurity Topics for Politecnico di Milano.

Critical smart manufacturing equipment relies primarily on proprietary systems, however these machines have the computing power of traditional IT systems. They are capable of much more than the purpose for which they are deployed, and attackers are able to exploit this power. The computers primarily use proprietary languages to communicate, but just like with IT threats, the languages can be used to input malicious code, traverse through the network, or steal confidential information without being detected.

Though smart manufacturing systems are designed and deployed to be isolated, this seclusion is eroding as IT and OT converge. Due to the intended separation, there is a significant amount of trust built into the systems and therefore very few integrity checks to keep malicious activity out.

The systems and machines that could be taken advantage of include the manufacturing execution system (MES), human machine interfaces (HMIs), and customizable IIoT devices. These are potential weak links in the security chain and could be exploited in such a way to damage produced goods, cause malfunctions, or alter workflows to manufacture defective products.

The report offers a detailed set of defense and mitigation measures, including:

  • Deep packet inspection that supports OT protocols to identify anomalous payloads at the network level
  • Integrity checks run regularly on endpoints to identify any altered software components
  • Code-signing on IIoT devices to include dependencies such as third-party libraries
  • Risk analysis to extend beyond physical safety to automation software
  • Full chain of trust for data and software in smart manufacturing environments
  • Detection tools to recognize vulnerable/malicious logic for complex manufacturing machines
  • Sandboxing and privilege separation for software on industrial machines

To find out more and read the full report, please visit: (May 2020) Trend Micro Research Identifies Critical Industry 4.0 Attack Methods

Romanian Hackers Sentenced

Bayrob Group members Bogdan Nicolescu and Radu Miclaus were both convicted on wire fraud, money laundering, and identity theft charges. In December 2019, Nicolescu was sentenced to 20 years and Miclaus to 18 years in prison.

Members of Bayrob Criminal Enterprise Infected Thousands of Computers with Malware, Stole Millions of Dollars

The hackers were like modern-day John Dillingers, brazenly committing their crimes and repeatedly escaping law enforcement’s grasp.

But like Dillinger and most other criminals, they eventually slipped up, and the FBI and its international partners were waiting for them after years of tracking their activities.

Auction Fraud Gets Law Enforcement’s Attention

In 2007, an Ohio woman wired thousands of dollars to an eBay seller thinking she was buying a used car. The car never arrived. When she went to her local police department, the listing did not appear on the officers’ computers.

That’s because the woman was on a fraudulent version of the online auction site that mimicked the real one—a result of having unknowingly downloaded malicious software, known as malware, to her computer.

And to thousands of other victims just like her, the website and transactions looked legitimate. But buyers who thought they were wiring money across town were, in fact, sending money to hackers halfway across the world.

Shop Amazon Gift Cards. Any Occasion. No Expiration.

The hackers, known as the Bayrob Group, laundered the money via money mules, making it difficult to track. (Money mules are criminal accomplices who, often unwittingly, move criminal money through their own bank accounts.) Additionally, if a user on an infected machine went to the “Help” section of the site, they were met with the hackers’—not eBay’s—customer service.

The Bayrob hackers also blocked websites like—the FBI’s Internet Crime Complaint Center—where a user might have gone for help. And before smartphones were so common, the infected computer may have been a victim’s only access to the Internet.

The would-be car buyer, along with many other victims, lost her money because wiring funds lacks the consumer protection of a credit card. Agents estimate each victim lost between $8,000 and $11,000.

“At the time, this was really cutting edge,” said Special Agent Ryan Macfarlane, who worked this case out of the FBI’s Cleveland Field Office. “These guys did a very good job of staying current with the technologies in the cyber-criminal underground.”

Following the Money and the Malware

The Bayrob hackers were frustratingly nimble and good at covering their tracks. They used multiple layers of proxy servers to hide their location. Those proxy servers communicated with the “command and control” servers that talked to the thousands of computers the malware had infected.

But as the hackers gained more victims, more partners joined the investigation. The FBI worked with numerous law enforcement agencies around the world on this case, as well as with companies such as AOL, eBay, and Symantec.

Beginning in 2012, the Bayrob Group began to diversify its criminal business as technology advanced. They continued to spread their malware via spam and social media, but they also got into cryptocurrency mining and selling credit card numbers on the Darknet.

“They had all of these infected systems, and they tried to use as many ways as possible to make money from them,” Macfarlane said.

Mistake Yields a Break in the Case

A break finally came when a Bayrob participant accidentally logged into his personal email instead of his criminal one. AOL, who was investigating his abuse of their network, connected the two accounts. That personal account led to online profiles in Romania and on social media—essentially the first action tying one of the suspects to the crimes.

That small mistake helped set investigators, in partnership with the Romanian National Police, on a path toward discovering the identities of all three hackers. And after much further investigation, including undercover buys from the group on Darknet marketplace Alphabay, the FBI had enough evidence to work with Romanian authorities on the arrests.

By the time the hackers were arrested in 2016, the Bayrob Group had become one of the top senders of malicious email.

“We were essentially taking down this entire infrastructure and arresting the three individuals at one time,” Macfarlane said. “And the Romanian National Police were key partners in this effort. They stuck with us year after year. We couldn’t have done this without them.”

Bayrob Group members Bogdan Nicolescu and Radu Miclaus were both convicted on wire fraud, money laundering, and identity theft charges. In December 2019, Nicolescu was sentenced to 20 years and Miclaus to 18 years in prison.

A third member of the group, Tiberiu Danet, pleaded guilty to similar charges. He was sentenced in January to 10 years in prison.

While it was years in the making, putting a stop to these prolific thieves was worth the time and effort for the investigators—even when the hackers were as elusive as a gangster on the run.

“We stuck with it because these guys weren’t stopping,” Macfarlane said. “They continued to evolve, and they were becoming a bigger and bigger threat.”

Protecting Yourself Online

Although many of the victims had no way of knowing their computers were compromised, there are steps you can take to protect yourself and your devices, such as making sure your antivirus and operating systems are always up to date. Also be careful of what you click on, even if it’s coming from someone you know.

“A lot of people don’t think that someone they know will be compromised,” said FBI Special Agent Stacy Diaz, who also worked on the case. “These hackers know how social networks work, and they use those relationships to grow their network.” (February, 2020) Romanian Hackers Sentenced

Help a veteran in need by donating here.