hackers

Ballston Cybersecurity Startup Combats Vaccine Misinformation

By Jo DeVoe

Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring Shirlington Gateway. The new 2800 Shirlington recently delivered a brand-new lobby and upgraded fitness center, and is adding spec suites with bright open plans and modern finishes. Experience a prime location and enjoy being steps from Shirlington Village.

Ballston-based cybersecurity startup GroupSense is helping governments fend off targeted attacks on COVID-19 vaccine distribution.

The vaccine action plan, a modified version of GroupSense’s 2020 election plans, is a pivot that CEO and founder Kurtis Minder never envisioned when he established the company in 2014.

“We didn’t go seeking this out — it came to us,” he said.

Today, GroupSense helps a handful of local governments combat vaccine misinformation and negotiate with hackers targeting manufacturers in the vaccine’s supply chain. The company anticipates working with these municipalities for one year, but could extend that work if the protections are still needed later on.

During the 2016 and 2020 elections, GroupSense worked with municipalities, website hosts and social media companies to take down misinformation. After the 2020 elections, Minder said local governments asked GroupSense to secure their vaccine rollouts.

“It occurred to us that you could use this technology on vaccines,” Minder said.

GroupSense reports “disinformation” to local governments, which decide whether to take down or refute the claims, he said.

“If someone on Reddit starts a thread, it gives City Hall the opportunity to get into that conversation and post links to debunk that particular narrative,” Minder said.

While rumors run rampant on Reddit, bad actors working for foreign governments or themselves are taking advantage of the increased cybersecurity risks of remote work, he said.

“The remote-work problem has actually made ransomware easier,” he said. “Eighty percent of the time, the way the bad guy gets in, it’s because the company did not secure the network properly for work-from home.”

Government-led attacks are originating from countries including Russia and Iran, he said. They are often aimed at stealing intellectual property related to vaccines, and are harder to detect and stop because they have more resources.

Meanwhile, hackers looking to make a buck are demanding ransoms of small-scale businesses, such as refrigeration companies, which keep the vaccines cold, Minder said.

These hackers, from Russia, Moldova or Belarus, get access to a network, shut it down and demand a ransom, Minder said. They target “low-hanging fruit,” or businesses that are less likely to be secured against cyber threats and more likely to pay a ransom because the vaccine is in high demand.

“It just reinforced something we already knew: The security of the supply chain is really important to the outcomes of an organization,” he said.

GroupSense keeps tracks of these reports in a dashboard that it developed, Minder said. Federal law enforcement agencies have access to this dashboard, and use it to track attack trends, he said.

The CEO advises companies and governments to secure their remote access, teach employees about phishing, and ensure they only use private emails to sign up for non-work-related accounts.

This year, the company — located at 4040 Fairfax Drive, in the Marymount University building — reported 65% year-over-year growth, despite the pandemic.

Morning Notes

By ARLnow.com

Heat Advisory in Effect — Arlington and D.C. are under a Heat Advisory from noon to 8 p.m. today. The heat index this afternoon is expected to reach between 100 and 105 degrees. [National Weather Service, Twitter]

Hacked Sign Causes County Concern — ARLnow’s report about an electronic road sign near Shirlington being hacked to display a vulgar video game meme prompted a serious conversation at county government headquarters. “To some this is a ‘prank’ to me it is an indication of a lack of security on a portion of our [technology] infrastructure,” Arlington’s Chief Information Officer wrote in an internal email chain. “What if the message was ‘Terrorist Attack in Washington, please leave the area'[?]” [State Scoop]

Flag at Gov’t Buildings to Be Lowered for McCain — Virginia Gov. Ralph Northam has ordered the state flag lowered to half-staff until sunset on Sept. 2 in honor of the late Sen. John McCain. The order applies to all local, state and federal buildings in Virginia. [Twitter]

Late Night Ramp Closure Planned — “The ramp from the southbound George Washington Memorial Parkway to eastbound I-66 and westbound Route 50 (Arlington Boulevard) will be closed Wednesday night, Aug. 29 and Thursday night, Aug. 30 from midnight to 4 a.m. each night for work on the I-66 overpass, according to the Virginia Department of Transportation.” [VDOT]

Flickr pool photo by Erinn Shirley

County Board Member’s Twitter Account Hacked During Board Meeting

By ARLnow.com
1/2

Arlington County Board member Katie Cristol’s Twitter account was hacked and started tweeting out dozens of spam links during Tuesday afternoon’s Board meeting.

The spam barrage started shortly after the meeting got underway at 3 p.m. As of 5:30 p.m. the tweets had not yet been deleted.

Kristol is perhaps the Board’s most active member on Twitter, often tweeting out community information and brief summaries of Board meetings.

Update at 6:25 p.m. — The hack has been fixed, Cristol tweeted.

Morning Notes

By ARLnow.com

Ballston (photo courtesy Noah Kaufman)

NAACP Wants War Memorial Plaque Changed — The Arlington chapter of the NAACP wants a plaque on the war memorial in Clarendon updated. The plaque lists Arlingtonians killed in World War I, but separates two “colored” military members from the rest of the local war dead. The NAACP says it would like to get the plaque removed and replaced. “We owe it to those who fought and died,” said local NAACP president Karen Nightengale. [InsideNova]

Two Restaurant Chains Coming to Arlington — Two regional franchise operators have signed agreements that will bring two expanding restaurant chains to Arlington. A former Domino’s Pizza franchisee is planning to open an Arlington location of Wisconsin-based Toppers Pizza, in addition to locations elsewhere in Northern Virginia. Meanwhile a Five Guys franchisee says it will be opening 10 Newk’s Eatery locations in Arlington and Fairfax counties. The Mississippi-based soup, salad, sandwich and pizza chain is big in the Southeast U.S., with more than 100 locations in 13 states and an aggressive expansion plan. [WTOP, Washington Business Journal]

Arlington Hotels Hacked — Two Arlington hotels have reportedly had their payment systems compromised by hackers. HEI Hotels and Resorts says malware was found on its systems at 20 hotels, including the Le Meridien in Rosslyn and the Sheraton Pentagon City on Columbia Pike. The hack potentially exposed the credit card information of hotel guests and customers. [Associated Press]

Pokemon Go at the Pentagon — Department of Defense officials have put the kibosh on DoD employees playing Pokemon Go on government phones, citing concerns about the game tracking the movement of its employees. The DoD has also reportedly told Pentagon employees to only play the game outside of the building. A Pokemon “gym” inside the Pentagon has been removed. [The Guardian, Twitter]

Bethesda Man Bought $1 Million Lottery Ticket in Arlington — The $1 million-winning Powerball ticket that was sold at a Ballston 7-Eleven store last month was sold to a Bethesda resident. Larry Elpiner says he plans to “share his winnings with family and friends,” in addition to paying for his daughter’s college education. [WUSA 9]

Photo courtesy Noah Kaufman

Scope of APS Employee Data Breach Expands

By ARLnow.com

Arlington Public Schools administration buildingArlington Public Schools says around 40 more employees have been victims of a data breach that compromised employee tax information.

That’s in addition to the 28 employees APS said were affected last week.

APS said an unknown party or parties were able to login to APS’ secure data system, STARS, via use of “personally identifiable information… from an unknown source.”

Employees were given the latest update on the data breach Wednesday afternoon, said Assistant Superintendent Linda Erdos.

APS is taking steps to better secure its systems, employees were told.

In addition to the steps we took last week to contract with cybersecurity experts to assist with our on-going investigation, we have put in place several more precautions to protect all employees’ personal information.

1.       We have changed the STARS password for all accounts that may have been compromised.

2.       We have disabled the “self-service password reset” feature in STARS. Now, if you need to reset your password, you need to call the Help Desk at x2847.

3.       We also have added a new requirement for logging into STARS with a device that is outside of the APS network.  The system will now require you to provide your APS network username and password first before you can log into STARS.

With the help of the outside organizations and experts that we have hired, our entire team in the Department of Information Services continues to focus on the ongoing investigation.  In addition, we have obtained the services of an outside cybersecurity expert to advise us on additional steps that can be taken to further ensure our network security.  We have also contracted with an outside organization to perform regular security audits of our network in the future.

Shortly after our first article on the data breach was published last week, a tipster told ARLnow.com that the problem was bigger than APS had admitted.

What the ‘announcement’ did not say was that multiple APS employees have been informed by the IRS in the last two weeks that fraudulent returns for 2015 have been filed with their name and social security number along with that of their spouses and children, information beyond W2 information. This is beyond the supposedly 28 employees breached by the exposure of their W2s.

Here’s what the same tipster said earlier this week.

In a follow up to your story of a week ago. In addition to the 28 employees, there are over 90 APS employees who have been impacted by a data breach with many having fraudulent tax returns filed using their names and social security numbers along with their dependents.

Said APS: “We will continue our investigation of the most recent event and update everyone if we obtain additional information.”

Data Breach Affecting Some APS Employees

By ARLnow.com

Arlington Public Schools administration building(Updated at 3:20 p.m.) More than two dozen Arlington Public Schools employees have had their social security numbers and tax information compromised in a data breach, according to a memo sent to APS employees Monday.

The breach exposed the W-2 tax forms of 28 APS employees, the school system said. APS issues around 7,000 W-2 forms to employees annually, according to Assistant Superintendent Linda Erdos.

The breach occurred on a third-party server and there is no evidence that APS’ own systems were compromised, the memo says. However, APS has notified the FBI about the incident.

More than 40 companies reported attacks that compromised employee W-2 data during the first quarter of this year, according to news reports.

The memo to employees is below.

Recently, the staff in our Information Services Department was notified that files of W-2 tax forms for 28 APS employees were discovered to have been stored by an unknown party on an out-of-state organization’s server that had been hacked.

After reviewing the circumstances and the contents of the 28 files, at this time we believe that the W-2s were generated individually through the “employee self-service” feature of our STARS ERP system. We have not found any indication or evidence at this time to indicate that this represents a breach of APS the data systems.  Currently, we believe that this is a limited incident.

Human Resources staff has contacted the 28 staff members directly to inform them of this discovery, and to provide them with some guidance to help them address the situation.

We have heard recent news reports that this has happened to other individuals in our region and throughout the country, particularly right now as we are at the conclusion of the federal tax filing period. Therefore, APS is taking several steps that are in line with our standard data practices. They will also assist us with our continued investigations, and will help to ensure that our data continues to be protected.

  • First, we have contacted the FBI and notified them about this incident.
  • We have also contacted the AT&T Cybersecurity Unit and they are performing a complete threat assessment for all of our APS systems.
  • Finally, while we will continue to collaborate with the FBI and all parties who are investigating this incident, we have also hired Dr. Naren Kodali, who is an information security expert, to consult on our APS data security systems.  Dr. Kodali is a highly-qualified and well-known professional in the field of cyber-security as well and is a professor of Information Security at George Mason University, and has also served as the Dean of Computer Information Systems at other universities.

In addition, as a precaution, we are providing all APS staff with recommendations of best practices that everyone should take to safeguard your personal information online, both at work and at home. Those tips have been posted online in the Staff Central section of the APS website.

Morning Notes

By ARLnow.com

Future Target store in Rosslyn

Another Jury Duty Scam — Scammers are once against targeting Arlington residents with phony phone calls about jury duty. At least 15 cases were reported in September of residents receiving calls from someone claiming to be a law enforcement officer and demanding a “good faith” payment over the phone for failing to appear for jury duty. The calls are fraudulent and police are investigating. [Arlington County]

Deaf Inmate’s Lawsuit Against Arlington — A deaf Ethiopian immigrant says the six weeks he spent in the Arlington County jail was torturous. Abreham Zemedagegehu has a limited ability to read or write English, and as a result missed meals and went without needed pain medication during his stay. A lawsuit against the county, filed pro bono by the law firm Akin Gump, says the jail should have had a sign language interpreter. [Washington Post]

Arlington Wages on the Rise — Wages for those who work in Arlington rose 2.7 percent in the first quarter of 2015, higher than the national average of 2.1 percent. Arlington has the 10th highest wages among the largest 342 counties in the U.S. [InsideNova]

New Process Proposed for New Schools — The county’s Community Facilities Study Committee has made recommendations for a new “siting process” for new and expanded schools and county facilities. “The siting process is intended to improve upon current practices and function as a project management tool to make siting decisions efficiently, effectively and with ample community input,” according to a press release. [Arlington County, Arlington Public Schools]

Lots of Debates for County Board Candidates — The four Arlington County Board candidates are scheduled to participate in 14 debates in various parts of the county by the time election day rolls around in November. [Washington Post]

Va. State Police Cruisers Hacked — Computer security experts were able to hack into Virginia State Police vehicles, preventing the cars from starting or moving. The hacks were done as a security measure, as part of a state initiative to prevent future hacks of Virginia’s fleet of police cruisers and official vehicles. [Dark Reading]

October is Domestic Violence Awareness Month — Today is Oct. 1, the start of Domestic Violence Awareness Month. “The Arlington County Police Department has partnered with Doorways for Women and Families, our community advocate, to bring attention to this worthy cause,” according to a press release. During October, many ACPD vehicles will display a purple ribbon donated by Doorways. Last year, Arlington police were called to 2,086 incidents of domestic violence, resulting in 196 arrests. [Arlington County]

Arlington’s Most Lecherous ZIP Codes, As Determined by the Ashley Madison Hack

By ARLnow.com

Arlington ZIP code map(Updated at 12:25 p.m.) Joint Base Myer-Henderson Hall, Pentagon City, Crystal City and Rosslyn have the highest percentage of Ashley Madison users in Arlington, according to the hacked user list from the site.

The now-notorious hack exposed the names, addresses and other personal information of the site’s millions of users, who signed up with the promise of finding partners for discreet extramarital affairs.

ARLnow.com obtained a list of local users, sorted by ZIP code. There are some duplicate and anonymous entries in the data, so the following represents the raw number of user entries by ZIP code, sorted by percentage of the overall population.

22211 (Joint Base Myer-Henderson Hall)
Users: 17 (2.6% of 648 population)

22202 (Crystal City, Pentagon City, Aurora Highlands)
Users: 311 (1.6% of 22,543 population)

22209 (Rosslyn)
Users: 192 (1.6% of 12,314 population)

22201 (Clarendon, Lyon Village, Lyon Park)
Users: 437 (1.3% of 33,476 population)

22206 (Shirlington, Fairlington, Nauck)
Users: 195 (1.0% of 19,051 population)

22213 (Bishop O’Connell High School area)
Users: 30 (1.0% of 2,936 population)

22203 (Ballston, Buckingham)
Users: 190 (0.9% of 21,850 population)

22205 (Westover, Waycroft-Woodlawn)
Users: 145 (0.8% of 17,087 population)

22204 (Columbia Pike corridor)
Users: 323 (0.7% of 47,233 population)

22207 (North Arlington neighborhoods)
Users: 221 (0.7% of 30,920 population)

Among those Arlington residents named on the list is an unsuccessful candidate in a recent local election. However, because ARLnow.com cannot verify that those named on the list were the actual users of the site, we will not name users nor link to the list. Comments that name users will be removed.

Correction: We erroneously combined the 22202 and 22203 ZIP codes in an earlier version of this article. The error has been corrected.

Morning Notes

By ARLnow.com

A weather station in Fairlington

Arlington No. 1 in Public Transit to D.C. — Among suburban D.C. counties, Arlington has the highest percentage of commuters who travel to the District via public transit. In Arlington, 53 percent of D.C. commuters take public transit, while 36 percent drive alone and 8 percent carpool. Montgomery County was second, with 43 precent of D.C. commuters taking public transit. [WTOP]

Vihstadt Campaign Website Hacked? — County Board member John Vihstadt’s campaign website has apparently been hacked by online porn purveyors and its homepage now displays a profane message. That message is also visible when you search for “John Vihstadt” on Google. Vihstadt was elected to a four year term last November and won’t be up for reelection until 2018. [Twitter – NOT SAFE FOR WORK]

County Ranked Top 50 Event Destination — Arlington County has been ranked No. 36 on a list of the top 50 U.S. localities for meetings and events. The District ranked No. 6 and National Harbor ranked No. 35 on the list, from event software provider Cvent. The ranking “reflects Arlington’s appeal as a vibrant urban destination in the heart of the nation’s capital – one that offers the convenience of downtown D.C. with hotel rates averaging up to 20 percent less,” a county official said. [Arlington County]

Columbia Pike Parking Mishap — A car ran partially over an embankment in a shopping center parking lot at the intersection of Columbia Pike and S. Dinwiddie Street on Sunday evening. [Twitter]

Pike Photography Book — “Living Diversity: The Columbia Pike Documentary Project,” has been published by the University of Virginia Press. The book “is the extraordinary result of a team of five insightful and highly skilled photographers and interviewers portraying the contemporary life of people and sites along the exceptionally ethnically-diverse and rapidly-changing Columbia Pike corridor.” The hardcover version is selling for $39.95 on Amazon. [Preservation Arlington]

Four Charged in PBS Hacking Case

By ARLnow.com

Federal prosecutors announced charges today against four alleged computer hackers in connection with last year’s hack of the web site of PBS.

Prosecutors say Ryan Ackroyd, Jake Davis, Darren Martyn and Hector Xavier Monsegur — alleged members of the “hacktivist” group LulzSec — hacked into PBS servers last year in retaliation for what they perceived to be unfavorable coverage of Wikileaks by the PBS news program “Frontline.” At the time, news outlets reported that LulzSec defaced PBS.org and posted a fake story on the PBS NewsHour website suggesting that the late rapper Tupac Shakur was actually alive and well in New Zealand.

PBS is based in Crystal City and the PBS NewsHour is produced in Shirlington, though prosecutors say the organization’s computer servers were actually located in Alexandria.

Ackroyd and Davis, of the United Kingdom, and Martyn, of Ireland, are each charged with two counts of computer hacking conspiracy. In addition to the PBS hack, they’re also accused of hacking into the systems of Sony Pictures Entertainment, Rockville-based Bethesda Softworks, and other companies.

Monsegur, of New York City, has already pleaded guilty to a host of charges connected with those hacking incidents. See the full list of charges from a United States Attorney’s Office press release.