Twitter says hackers compromise 250K accounts
by TERRY COLLINS
SAN FRANCISCO—Twitter confirmed Friday that it had become the latest victim in a number of high-profile cyber-attacks against media companies, saying that hackers may have gained access to information on 250,000 of its more than 200 million active users.
The social media giant said in a blog posting that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected.
But it discovered that the attackers may have stolen user names, email addresses and encrypted passwords belonging to 250,000 users. Twitter reset the pilfered passwords and sent emails advising affected users.
The online attack comes on the heels of recent hacks into the computer systems of U.S. media and technology companies, including The New York Times and The Wall Street Journal. Both American newspapers reported this week that their computer systems had been infiltrated by China-based hackers, likely to monitor media coverage the Chinese government deems important.
China has been accused of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics. The Chinese foreign ministry could not be reached for comment Saturday, but the Chinese government has said those accusations are baseless and that China itself is a victim of cyber-attacks.
"Chinese law forbids hacking and any other actions that damage Internet security," the Chinese Defense Ministry recently said. "The Chinese military has never supported any hacking activities."
Although Bob Lord, Twitter's director of information security said in the blog that the attack "was not the work of amateurs, and we do not believe it was an isolated incident."
"The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," Lord said. "For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."
One expert said that the Twitter hack probably happened after an employee's home or work computer was compromised through vulnerabilities in Java, a commonly used computing language whose weaknesses have been well publicized.
Ashkan Soltani, an independent privacy and security researcher, said such a move would give attackers "a toehold" in Twitter's internal network, potentially allowing them either to sniff out user information as it traveled across the company's system or break into specific areas, such as the authentication servers that process users' passwords.
In a telephone interview Friday, Soltani said that the relatively small number of users affected suggested either that attackers weren't on the network long or that they were only able to compromise a subset of the company's servers.
Twitter is generally used to broadcast messages to the public, so the hacking might not immediately have yielded any important secrets. But the stolen credentials could be used to eavesdrop on private messages or track which Internet address a user is posting from.
That might be useful, for example, for an authoritarian regime trying to keep tabs on a journalist's movements.
"More realistically, someone could use that as an entry point into another service," Soltani said, noting that since few people bother using different passwords for different services, a password stolen from Twitter might be just as handy for reading a journalist's emails.
Alabama hostage standoff enters 3rd full day
by MELISSA NELSON-GABRIEL and JAY REEVES
MIDLAND CITY -- More than three days after authorities said a gunman shot a school bus driver dead, grabbed a kindergartner and slipped into an underground bunker, the man showed no signs Friday of turning himself over to police.
Speaking into a 4-inch-wide ventilation pipe leading to the bunker, hostage negotiators have tried to talk the gunman, identified by neighbors as Jimmy Lee Dykes, into freeing the 5-year-old boy. One local official said the child had been crying for his parents.
Dykes, a 65-year-old retired truck driver, is accused of pulling the boy from a school bus Tuesday and killing the driver who tried to protect the 21 youngsters aboard. The gunman and the boy were holed up in a small room on his property that authorities likened to a tornado shelter.
"The three past days have not been easy on anybody," Dale County Sheriff Wally Olson said late Thursday. He said authorities were communicating with the suspect. "There's no reason to believe the child has been harmed."
But there were signs that the standoff could continue for some time.
The shelter has electricity, food and TV, according to a state legislator. The police chief said the captor has been sleeping and told negotiators that he has spent long periods in the shelter before.
The shelter was about 4 feet underground, with about 6-by-8 feet of floor space and a PVC pipe that negotiators were speaking through, said James Arrington, police chief of the neighboring town of Pinckard.
"He will have to give up sooner or later because (authorities) are not leaving," Arrington said. "It's pretty small, but he's been known to stay in there eight days."
Midland City Mayor Virgil Skipper said he has been briefed by law enforcement agents and has visited with the boy's parents.
"He's crying for his parents," he said. "They are holding up good. They are praying and asking all of us to pray with them."
Republican Rep. Steve Clouse, who represents the Midland City area, said he visited the boy's mother Thursday and that she is "hanging on by a thread."
"Everybody is praying with her for the boy," he said.
Clouse said the mother told him that the boy has Asperger's syndrome, an autism-like disorder, as well as attention deficit hyperactivity disorder, or ADHD. Police have been delivering medication to him through the pipe, he added.
The normally quiet red clay road leading to the bunker was teemed Friday with more than a dozen police cars and trucks, a fire truck, a helicopter, officers from multiple agencies and news media near Midland City, population 2,300.
Police vehicles have come and gone steadily for hours from the command post, a small church taken over for that use
Early Friday, activity picked up when a team in military-style uniforms, many toting weapons, got out of a big van in the pre-dawn chill and moved into a staging area. One appeared to be dog handler.
Dykes was known around the neighborhood as a menacing figure who neighbors said once beat a dog to death with a lead pipe, threatened to shoot children for setting foot on his property and patrolled his yard at night with a flashlight and a firearm.
The chief confirmed that Dykes held anti-government views, as described by multiple neighbors: "He's against the government -- starting with Obama on down."
"He doesn't like law enforcement or the government telling him what to do," he said. "He's just a loner."
Authorities say the gunman boarded a stopped school bus Tuesday afternoon and demanded two boys between 6 and 8 years old. When the driver tried to block his way, the gunman shot him several times and took the 5-year-old boy off the bus.
The bus driver, Charles Albert Poland Jr., 66, was hailed by locals as a hero who gave his life to protect the pupils on his bus.
The school bus remained parked on the dirt road, and trooper spokesman Kevin Cook said investigators were in it collecting evidence Friday morning.
No motive has been discussed by investigators, but the police chief said the FBI had evidence suggesting it could be considered a hate crime. Federal authorities have not released any details about the standoff or the investigation. The mayor said he hasn't seen anything tying together Dykes' anti-government views and the allegations against him.
Dykes had been scheduled to appear in court Wednesday to answer charges he shot at his neighbors in a dispute last month over a speed bump. Neighbor Claudia Davis said he yelled and fired shots at her, her son and her baby grandson over damage Dykes claimed their pickup truck did to a makeshift speed bump in the dirt road. No one was hurt.
The son, James Davis Jr., believes Tuesday's shooting was connected to the court date. "I believe he thought I was going to be in court and he was going to get more charges than the menacing, which he deserved, and he had a bunch of stuff to hide and that's why he did it."
Neighbors described a number of other run-ins with Dykes in the time since he moved to this small rural town near the Georgia and Florida borders, a region known for peanut farming.
A neighbor directly across the street, Brock Parrish, said Dykes usually wore overalls and glasses and his posture was hunched-over. He said Dykes usually drove a run-down "creeper" van with some of the windows covered in aluminum foil.
Parrish often saw him digging in his yard, as if he was preparing to lay down a driveway or building foundation. He lived in a small camping trailer there and patrolled his lawn at night, walking from corner to corner with a flashlight and an assault rifle.
Court records showed Dykes was arrested in Florida in 1995 for improper exhibition of a weapon, but the misdemeanor was dismissed. The circumstances of the arrest were not detailed in his criminal record. He was also arrested for marijuana possession in 2000.
Seminar will discuss community, police partnership
by Teddy Kulmala
The City of Aiken and the Department of Public Safety are asking residents and community members to come out to the “Cultivating Communities” seminar on Saturday to learn how they can help law enforcement combat crime.
The seminar is free and will begin at 9:50 a.m. on Saturday at the Smith-Hazel Recreation Center on 400 Kershaw St. It will end about 1:45 p.m.
Want to go?
|What: Cultivating Communities Seminar
When: Saturday at 9:50 a.m.
Where: Smith-Hazel Recreation Center, 400 Kershaw St.
For more information: Call 642-7780
Included on the agenda are presentations by Cynthia Mitchell, community services coordinator for Aiken Public Safety, and Lt. Karl Odenthal with ADPS.
Odenthal said they will take a “multipronged” approach to their presentations on Saturday, discussing what is being done by law enforcement and how they can work with community members.
“My role is going to be talking about the community policing model and what we're doing from the law enforcement side, tying that into the community piece,” Odenthal said. “I'll talk about the department's efforts, community police concepts and how important it is to have that partnership with the community.”
Included in the lineup is a “Community Cafe,” during which attendees will break into small groups and discuss education, community safety and economic development. Everyone will then reconvene, and a representative from each group will provide a summary of what was discussed.
“The numbers are too big,” said Mitchell, adding that as of Wednesday, 65 people have reserved spots. “We'll still have that discussion, we just have to change the format a little.”
Odenthal said the goal of the roundtable discussions is to identify concerns and barriers in the community – “to see if we can determine what a root cause could be,” he said.
He said he'll emphasize the importance of the community's involvement.
“According to the FBI and Bureau of Justice statistics, only 1 percent of crime is rolled up on by an officer,” he said. “You usually get it after the car has been broken into, if somebody comes home and finds something.”
Odenthal said community members often help local law enforcement in spotting crime.
“We have community members help us identify things – be vigilant,” he said. “Without partnering with the community, we're not effective. With the community partnership, it makes our job easier to protect the citizens. These two things go hand-in-hand.”
Everyone from City residents, neighborhood associations and business owners to churches and faith groups and community service providers is encouraged to attend, according to Mitchell.
“We've got parents, pastors, some other service providers,” she said. “Young, old – we have a good cross-section.”
Space for the seminar is limited. Anyone interested in going should call 642-7780.
From the FBI
The Hostage Rescue Team
Last month marked the 30th anniversary of the FBI's Hostage Rescue Team (HRT)—federal law enforcement's only full-time counterterrorism unit—a highly trained group of special agents often called upon during the toughest times.
When needed, the team is prepared to deploy within four hours of notification to anywhere in the U.S. in response to terrorist incidents, hostage situations, and major criminal threats. Although the HRT has been tasked to fill a variety of roles throughout the years, its highest priority has always been to react to a major terrorist incident and to ensure the safe release of hostages.
“There is no greater mission we have than to save somebody's life,” said Kevin Cornelius, a former HRT operator who now commands the team.
Although the HRT was originally conceived to provide a tactical response to terrorism (see sidebar), the team possesses capabilities that do not exist anywhere else in civilian law enforcement. Operators are able to fast-rope out of helicopters, parachute with full mission equipment, and conduct advanced SCUBA techniques. They are trained to be superior marksmen, proficient in a variety of breaching techniques—including explosives—and experts in close-quarter tactics. Each operator's skill and training ensures that the HRT can launch assaults with speed, precision, and, if necessary, deadly force.
U.S. law enforcement relies on a tiered response to critical incidents such as a terrorist attack or hostage situation. First responders usually come from the local and state level and might include SWAT teams and crisis negotiators. If a situation cannot be resolved at that level, federal assets such as the HRT may be called in.
HRT operators also provide technical and tactical assistance to FBI field offices, which often leads to the apprehension of violent offenders. Most of the HRT's operations in the U.S. occur as a result of detailed investigations conducted by special agents in the field.
Since the first generation of HRT operators were trained in 1983, team members have deployed domestically and around the globe nearly 800 times, putting themselves in harm's way to help safeguard the nation and to save lives.
“As an elite counterterrorism tactical team for law enforcement, the HRT is one of the best, if not the best, in the United States,” said Sean Joyce, deputy director of the FBI and former HRT operator. “They are elite because of their training,” he explained. “But they are FBI agents first and foremost, and they have the ability to perform special agent duties—whether it's obtaining evidence or interviewing an individual—anywhere in the world while being able to operate in all types of environments, no matter how inhospitable.”
Not surprisingly, it takes a certain kind of special agent to become an HRT operator. In its 30-year existence, fewer than 300 individuals have been selected to join the team. Those who make it possess remarkable physical and mental toughness. They may be capable of extraordinary individual effort, but they understand the team always comes first—even before their own personal needs. Identifying candidates who possess not only the necessary physical and tactical abilities but also the right combination of personality traits is an integral part of the team's demanding selection process.
From the Department of Homeland Security
How Safe is Your Personal Information?
January 28 th is National Data Privacy Day, a nationwide effort to raise awareness about the importance of taking steps to protect the privacy of your personal and financial data. Increased interconnectivity increases the risk of theft, fraud, and abuse. When was the last time you reviewed the privacy settings on your social media accounts, read the fine print when purchasing an app, or talked to your family about safe online behavior?
At the end of the day, cybersecurity is really about people. If each of us commits to staying informed of cybersecurity risks and takes a few simple steps, we can all make a big difference to stay safe online.
We know it only takes a single infected computer to potentially infect thousands and perhaps millions of others. And it's our goal to make basic cybersecurity practices as reflexive as putting on a seatbelt – using antivirus software, being careful which websites you visit, not opening emails or attachments that look suspicious. These basic measures can improve both our individual and our collective safety online.
To achieve our shared goal, we invite you to take a few basic steps to be more secure:
- Set strong passwords, and don't share them with anyone.
- Keep a clean machine - our operating system, browser, and other critical software are optimized by installing regular updates.
- Maintain an open dialogue with your family, friends, and community about Internet safety.
- Limit the amount of personal information you post online, and use privacy settings to avoid sharing information widely.
- Be cautious about what you receive or read online – if it sounds too good to be true, it probably is.
Cybersecurity is a shared responsibility and we are all called on to ACT or Achieve Cybersecurity Together.
For more information, please visit www.dhs.gov/stopthinkconnect .