1. News
  2. Privacy

The Weekly Hack: Russia accused of hacking the U.S. power grid and Pentagon employees compromised

Alleged hacking attacks are escalating tensions between the United States and Russia

Photo (c) chombosan - Getty Images
The Trump administration said Thursday that the Russian government tried to hack the United States power grid two years ago.

The announcement coincided with sanctions that the US treasury imposed on 19 Russians for what they described as meddling in the 2016 presidential elections. Russian officials denied their involvement with either attack and vowed to retaliate for the sanctions.

According to the Department of Homeland Security and the FBI, Russian “government cyber actors” targeted “energy sector networks,” but the agency did not name who was affected.

Russia has also been accused of hacking Ukraine’s energy infrastructure and causing widespread blackouts several years ago. It’s unclear if hackers were trying to cause power outages here, security experts told CNBC, but they said disrupting the power grid was a likely motive.

United States officials also have a long record of spying on infrastructure in other countries, they added, which is why the United States is typically reluctant to name attackers who do the same here. In fact, they say this is the first time that the United States government has publicly accused another country of such a massive breach.

"I have never seen anything like this," Amit Yoran, a former U.S. official who now heads a cyber security firm, told the station.

Pentagon employees

Hackers successfully guessed the usernames and passwords of 318 people who work in the Pentagon and use Citigroup credit cards.

Citigroup says that the hackers could not get past the second layer of authentication, however, and said no money or other data was stolen.

Citigroup, which runs the a travel charge card program for the  Department of Defense, described the hacker or hackers as a “malicious actor.”

Florida “virtual” students

Florida boasts the largest virtual school system in the nation, with an internet-based elementary school and high school that offers 150 courses. But a new report raises concerns about the cyber-security of students who take them.

The Florida Department of Education recently admitted that a massive data breach in its Florida Virtual School impacted more than 368,000 current and former students and as many as 2,000 teachers.

The hack, which occurred sometime between May 2016 and February 2018, allowed thieves to access names, birth dates, and school account numbers of students and teachers. One security expert describes schools as prime targets for cyber-attackers because of the critical information they hold.  

Florida administrators added that they had contacted law enforcement and offered students free identity protection services.

Equifax accused of insider trading

Need another reason to be mad at Equifax? How about one million?

Equifax’s former chief information officer Jun Ying is facing insider trading charges for dumping his company stock shortly before the company had admitted that a massive amount of consumers’ data was stolen last year. The Securities and Exchange Commission (SEC) says that Ying made over $1 million from the sale.

“Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public," Richard R. Best, director of the SEC's Atlanta regional office, said in a press release. "Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit."

Take an Identity Theft Quiz. Get matched with an Authorized Partner.