Canon USA Agrees to Settle Claims After Hacker Attack Exposed Employee Data

Back in August 2020, Canon was the victim of a hacker attack on its network. It was a ransomware attack, and employee data was stolen by the criminals.

Now, as Bloomberg Law reports, Canon has agreed to settle all claims over the breach of employee data:

Canon USA Inc. would pay up to $7,500 for monetary losses and $300 for out-of-pocket expenses to each victim of an August 2020 data breach that compromised the personal information of employees and their beneficiaries, under a proposed deal filed in federal court.

Nine named plaintiffs alleged in a proposed class action that the breach was caused by Canon’s failure to encrypt their information or use other adequate measures to protect it. They also alleged the company failed to provide adequate notice to affected employees.

Information exposed in the breach included names, Social Security numbers, driver’s license numbers, government-issued identification …

The stolen data concerned all Canon employees who were working for the company from 2005 until the year of the attack.

Anti Russian DDoS Attack Shuts Down Source of Pre-Release Camera Details

Not sure how seriously to take this. However, here is the story.

Camnostic reports that a Russian certification authority is down due to a DDoS (Distributed Denial of Service) attack:

Once every few months a new camera or lens shows up on the Russian regulatory site that deals with electronics radio emissions licensing. It has long been the source of occasional product detail leaks that Canon filings reveal prior to actual announcements. Except, in Russia, this department also happens to be one of the primary bureaucracies censoring the internet. Yesterday and today, the site has been down – due, apparently, to a distributed denial of service attack.

Russian regulations over recording technology and radio technology have been some of the strictest in the world. During the Cold War, tourists were sometimes arrested for taking pictures of subway station entrances, and film was often confiscated or exposed in customs. Private transmission equipment wasn’t allowed in without special licenses. After the Cold War, the regulation got a little more rational, but never lost the slightly paranoid, national security orientation.

Let’s hope this conflict is over soon and doesn’t escalate.

Industry News: Fujifilm Suffers Cyber-attack, Shuts Down Servers

Hackers hit Canon last year; now it’s Fujifilm that has been hacked. Again, it’s a ransomware attack.

Fuji Rumors reports that Fujifilm disclosed a ransomware attack on its network and that there has been unauthorized access to its servers. Apparently the servers have been infected by the Qbot trojan malware.

Fujifilm’s statement:

Notification of communication failure to customers

2021 12:00 Update June 2, 2021 20:00

FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence.

We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.

We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused.

Hacking Post: You Can Run A Minecraft Server On A Canon Rebel SL2

From the series of “totally pointless but absolutely cool” hacks, today we feature a new one, and certainly one of the weirdest: a Minecraft server running on a camera.

A hacker going by the handle Turtius installed and successfully ran a Minecraft server on a Canon Rebel SL2 (EOS 200D in Europe). If you know how Minecraft works, then you likely know that the server (i.e. the SL2 in our example) only runs the “world”, which is then displayed on the user’s computer. The game itself runs on the user’s computer. However, at least theoretically, other users could connect to the world managed on the server (the SL2).

The short video below shows three points of view: i) a smartphone recording the back of the camera and the monitor, ii) what the Rebel SL2 is seeing, and iii) a screen recording from the computer that is connected to the Canon Rebel SL2. Clearly the SL2 reaches its limits.

Turtius explains here how he did the hack, using avrcraft, a Minecraft server that’s optimized for 8-bit devices. Says Turtius:

“[avrcraft] is fully running on the camera. I reverse-engineered the network module used by Canon which just so happens to expose Unix-like sockets and integrated avrcraft with Magic Lantern. It’s running a custom implementation provided by Canon’s operating system and using custom code to interact with the stuff provided by Canon on a lower level.”

Cool hack, eh?

Turtius used a modified version of the free Magic Lantern firmware add-on and wrote code specifically for the Rebel SL2. You can find the full source code on GitHub, but be warned: do it only if you know what you are doing, otherwise you risk bricking your camera.

[via PetaPixel]

Canon Officially Confirms Ransomware Attack, Says Employee Data Was Stolen

Some months ago Canon USA was the victim of a ransomware attack. We reported on this incident.

Canon has finally released an official statement about the attack. It turns out that information concerning past and current employees was stolen by the hackers, such as employees’ names, Social Security numbers, dates of birth, driver’s license numbers, government-issued IDs, bank account numbers, and electronic signatures.

Canon statement about the ransomware attack:

Notice of Data Security Incident

Canon understands the importance of protecting information. We are informing current and former employees who were employed by Canon U.S.A., Inc. and certain subsidiaries, predecessors, and affiliates¹ from 2005 to 2020 and those employees’ beneficiaries and dependents of an incident that involved some of their information. This notice explains the incident, measures we have taken, and steps you can take in response.

We identified a security incident involving ransomware on August 4, 2020. We immediately began to investigate, a cybersecurity firm was engaged, and measures were taken to address the incident and restore operations.  We notified law enforcement and worked to support the investigation.  We also implemented additional security measures to further enhance the security of our network.

We determined that there was unauthorized activity on our network between July 20, 2020 and August 6, 2020.  During that time, there was unauthorized access to files on our file servers. We completed a careful review of the file servers on November 2, 2020 and determined that there were files that contained information about current and former employees from 2005 to 2020 and their beneficiaries and dependents. The information in the files included the individuals’ names and one or more of the following data elements: Social Security number, driver’s license number or government-issued identification number, financial account number provided to Canon for direct deposit, electronic signature, and date of birth. 

We wanted to notify our current and former employees and their beneficiaries and dependents of this incident and to assure them that we take it seriously. As a precaution, we have arranged for them to receive a complimentary membership to Experian’s® IdentityWorks℠ credit monitoring service. This product helps detect possible misuse of an individual’s information and provides the individual with identity protection services. IdentityWorks℠ is completely free to the individual, and enrolling in this program will not hurt the individual’s credit score. If you are a current or former employee, or the beneficiary or dependent of a current or former employee, and would like more information on IdentityWorks℠, including instructions on how to activate your complimentary membership, please call our dedicated call center for this incident at 1-833-960-3574. For information on additional steps you can take in response, please see the additional information provided below.

We regret that this occurred and apologize for any inconvenience.  If you have additional questions, please call 1-833-960-3574, Monday through Friday, between 9:00 a.m. and 6:30 p.m., Eastern Time.

¹ This notice is being provided by or on behalf of Canon U.S.A., Inc. and the following subsidiaries, predecessors, and affiliates: Canon BioMedical, Inc., Canon Business Solutions-Central, Inc., Canon Business Solutions-Mountain West, Inc., Canon Business Solutions-NewCal, Inc., Canon Business Solutions-Tereck, Inc., Canon Business Solutions-West, Inc., Canon Development Americas, Inc., Canon Financial Services, Inc., Canon Information and Imaging Solutions, Inc., Canon Information Technology Systems, Inc., Canon Latin America, Inc., Canon Medical Components U.S.A., Inc., Canon Software America, Inc., Canon Solutions America, Inc., Canon Technology Solutions, Inc., Canon U.S. Life Sciences, Inc., NT-ware USA, Inc., Océ Imaging Supplies, Inc., Océ Imagistics Inc., Océ North America, Inc., Océ Reprographic Technologies Corporation, and Virtual Imaging, Inc.

ADDITIONAL STEPS YOU CAN TAKE

We remind you it is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:

If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows: 

  • Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft 

Friday Hacker Blogging: The History Of Unix and Linux

Front Page Linux posted an interesting and well-written article about the history of Unix and Linux. Definitely worth your attention if you are into computer science.

For this special history guide, we are going to take a trip back in time to see where the seed of Linux was planted — namely via the Unix systems of the early 1970s and how it has progressed through the modern day. Though most are completely unaware of the enormous impact that Unix-like operating systems have planted on our society, understanding its storied history can allow us to realize why the Unix model has lived on far longer and become more successful than any other operating system architecture (and philosophy) in existence.

In fact, the estimated 5 billion people in the world (more than half the population) to own a mobile phone have been using Unix-based operating systems, knowingly or not, since the “smart” phone hit the consumer shelves in the late 2000s. From the Linux-based Android platform to the BSD-flavored iOS, Unix has stolen the massive mobile market along with the majority of other systems in existence. In fact, if you look at the operating system on just about any device besides the desktop PC, it is more likely than not that it runs some form or derivative of Unix.

So, how did an operating system written to port a game from one machine to another gain so much prominence in our world today when it was first conceived and implemented over sixty years ago? Well, our journey begins at AT&T’s famous Bell Laboratory with two unlikely heroes that helped kick off the modern technological age. Strap in and grab some popcorn, this is going to be a wild ride!

Read about the history of Unix at Front Page Linux. You can also use this post to discuss whatever (photographic) topic you wish.