Database Of Stolen User Names & Passwords Hacked
July 21, 2014 – Indexeus.org, a new search engine that contains a database of stolen user names and passwords from over 100 data breaches, has been hacked by the hacking group known as Pernicious Developers. The hackers left a defacement message reading, “This is the Original Pernicious Developers, we're still here. Even if you don't know which version of the group who did this.” The site was breached by leveraging a backdoor shell that was uploaded to the site. The owner of Indexeus posted a statement saying, “We had 14m entries at the time the website was 'hacked'.”
Wall Street Journal Facebook Page Hacked
July 21, 2014 – The official Facebook page of the Wall Street Journal was hacked on Sunday. The hackers posted two fake stories, one about Air Force One crashing in Russia and a second one saying that Vice President Biden would be addressing the nation. The Facebook page has over 2.8 million followers. The page was recovered by the Wall Street Journal after 20 minutes, when they posted a message saying, “We are aware that our Facebook page was compromised during the last 20 minutes. We have deleted the posts and are looking into it.” At this time it is not known who is responsible for the hack.
Anonymous Targets Over 1,000 Israeli Sites As Part Of OpSaveGaza
July 21, 2014 – Members of the Anonymous collective are claiming to have taken down or defaced over 1,000 Israeli websites as part of their OpSaveGaza campaign. Several of the defaced sites carried a message saying, “The Jerusalem cause is Muslims' fight of honour.” Hackers leaked email addresses from the Ministry of Immigrant Absorption, the Ministry of Justice, the Ministry of Culture and Sport and the Ministry of Housing and Construction. The majority of the sites targeted belonged to restaurants, businesses and foundations. At this time most of the websites have been restored.
Banco Popular Subsidiary Breached, 72,500 Customers Exposed
July 21, 2014 – Florida bank, TotalBank, a subsidiary of Banco Popular, has admitted that over 72,500 customers have had their account information exposed by a network breach. According to their investigation the hackers may have accessed customer names, addresses, account numbers, account balances and personal identification numbers. In a statement the bank said, “This information does not include passwords or the type of information that would allow access to our customer bank accounts, which remain secure.” The bank is currently working with law enforcement on the investigation.
Hackers Using Government-Grade Malware
July 18, 2014 – Researchers have observed “government-grade” malware being used by cybercriminals, who are integrating it into rootkits and ransomware. “Government-grade” malware is designed to operate undetected on computer systems for long periods of time. The researchers have observed malware known to have been created for government espionage being transformed by hackers to make their own rootkits and ransomware more sophisticated and harder to detect. This malware operates during periods of user inactivity, helping it avoid detection by sandbox-based security tools. The malware also exploits a log bug in Windows 7 and 8, contains anti-debugging and anti-reverse-engineering defenses and obscures malicious activity by converting the application into sections.
EC3 Takes Down Romanian Cybercrime Ring
July 18, 2014 – The European Cybercrime Center (EC3) and law enforcement agencies in France and Romania have taken down an organized cyber crime network of over 100 individuals. The cybercriminals are accused of hacking into international non-cash payment systems through malware infections. They compromised computers of franchisees authorized to perform money transfers using a remote access tool that integrated key-logging. According to authorities the hackers targeted copy-shop businesses in Austria, Belgium, Germany, Norway and the United Kingdom. EC3 estimates the total amount stolen by the crime ring to be at least $2.7 million. Sixty-five individuals have been detained in Romania and France.
Pushdo Malware Infects 11,000 Computers In 24 Hours
July 18, 2014 – A new variant of the Pushdo Trojan, one of the oldest active malware families, has been observed infecting over 11,000 computers in 24 hours. Pushdo is a multipurpose Trojan that is known for delivering financial malware onto infected computers. The new variant is leveraging a new domain-generation algorithm (DGA). DGAs dynamically generate a list of domain names based on an algorithm, which allows the malware to avoid domain blacklisting and blocking of known Command & Control domain names. The countries most affected by this new Pushdo malware are India, Vietnam, Turkey, the United Kingdom, France and the United States.
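Because a DGA sidesteps static blacklists, defenders usually look for its side effect instead: one host failing to resolve many random-looking names in a short time. The following is an added example, not part of the original report and not Pushdo's actual algorithm; the log format, sample lines and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "<epoch> <client> <qname> <rcode>".
# Addresses are from the 192.0.2.0/24 documentation range; names use reserved TLDs.
SAMPLE_LOG = """\
1405670400 192.0.2.21 www.example.com NOERROR
1405670402 192.0.2.21 exmaple-portal.test NXDOMAIN
1405670410 192.0.2.37 xkqjvhtzwplm.example NXDOMAIN
1405670411 192.0.2.37 bzrtqwnkdfgh.example NXDOMAIN
1405670412 192.0.2.37 mvcxzlkjhgfd.example NXDOMAIN
1405670413 192.0.2.37 qwrtypsdfghj.example NXDOMAIN
1405670414 192.0.2.37 zxcvbnmlkjhg.example NXDOMAIN
1405670415 192.0.2.37 hjklmnbvcxzq.example NOERROR
1405670420 192.0.2.21 mail.example.com NOERROR
"""


def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    counts = Counter(label)
    total = len(label)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def looks_generated(qname, min_len=10, min_entropy=3.0, max_vowel_ratio=0.25):
    """Lexical heuristic: long, high-entropy, vowel-poor second-level label.

    Assumption: the label left of the TLD is the registered name (no
    multi-label public suffixes). Thresholds are illustrative, not tuned.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return False
    sld = labels[-2]
    if len(sld) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in sld) / len(sld)
    return label_entropy(sld) >= min_entropy and vowel_ratio <= max_vowel_ratio


def suspected_dga_clients(log_text, min_distinct=4):
    """Return {client: [names]} for clients with many failed generated-looking lookups.

    A single typo produces one NXDOMAIN; a DGA walking its candidate list
    produces a burst of distinct failures before one name finally resolves.
    """
    failures = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _ts, client, qname, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(qname):
            failures[client].add(qname.lower())
    return {c: sorted(names) for c, names in failures.items()
            if len(names) >= min_distinct}


if __name__ == "__main__":
    for client, names in suspected_dga_clients(SAMPLE_LOG).items():
        print(client, len(names), "failed generated-looking lookups")
```
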
Dominion Resources' Employee Wellness Plan Hacked
July 18, 2014 – Virginia-based Dominion Resources announced that personal information of 1,700 employees has been compromised in a hack of their employee wellness plan. The hackers gained access to the system through a subcontractor's system. The personal information that was exposed includes names, addresses, email addresses, phone numbers, gender and dates of birth. The hacker also gained access to password information for another company, but the passwords were encrypted and no breach occurred.
FBI Says 18 Computers Per Second Are Infected With Botnets
July 17, 2014 – During a hearing before a US Senate committee, FBI Cyber Division Director Joseph Demarest said that 18 computers per second worldwide are infected with botnets. This amounts to over 500 million compromised computers a year. He went on to say that botnet infections cost the US and global economies billions of dollars each year. Demarest continued, “We face cyber threats from state-sponsored hackers, hackers for hire, organized cyber syndicates and terrorists. They seek our state secrets, our trade secrets, our technology and our ideas – things of incredible value to all of us.”
Report Shows Amazon Web Services Leading The Way In Serving Malware-Hosting Sites
July 17, 2014 – Researchers have published a new report showing that, out of the top ten ISPs and hosting providers surveyed, the proportion of malware-hosting websites served from Amazon infrastructure more than doubled from 16% in the fourth quarter of 2013 to 41% in the second quarter of 2014. An Amazon spokesperson issued a statement saying, “AWS employs a number of mitigation techniques, both manual and automated, to prevent the misuse of the services. . . Our terms of usage are clear and when we find misuse we take action quickly and shut it down.” During the same period, the change in proportion of sites being served from other companies included European company OVH going from 10% to 13%, Akamai from 9% to 12%, Google from 6% to 9% and GoDaddy declining from 14% to 2%.
Over 22 Million New Yorkers' Personal Records Exposed In 5,000 Breaches Since 2006
July 17, 2014 – New York Attorney General Eric Schneiderman has issued a report showing that data breaches in New York, between 2006 and 2013, have resulted in 22.8 million personal records of New Yorkers being exposed in almost 5,000 data breaches. The total estimated cost of these breaches is almost $1.4 billion. According to the report almost 40% of the breaches were due to hacking intrusions. AG Schneiderman said, “Our expansive look at data breaches found that millions of New Yorkers have been exposed without their knowledge or consent. It's clear that a broad, concerted public education campaign must take place to ensure that all of us are better protected.”
Israel Says Infrastructure Is Under Cyberattack
July 17, 2014 – Security experts in Israel are saying that professional hackers have been targeting infrastructure, such as the Port of Ashdod, the Dimona nuclear reactor and the main generating plant of the Israel Electric Company. The hackers have been attempting to infiltrate the systems hoping to disrupt the flow of water, electricity, transportation and other critical systems. Dr. Tal Pavel, an expert on Internet usage and crimes in the Middle East, said, “In some ways, the threat of hacking major infrastructure systems is even worse than the nuclear threat. Only governments can afford to purchase and deploy nuclear weapons . . . But anyone can develop or buy their own super-virus, potentially capable of a cyber-attack that could shut down a country for days, create panics or riots, or release dangerous substances, such as gas and sewage, that can kill people in the victim country.” The infrastructure organizations have all said that they employ the most up-to-date and comprehensive security technologies.
Smaller US Government Agencies Being Targeted By Chinese Hackers
July 16, 2014 – It appears that several Chinese hackers have started to target smaller US government agencies instead of high-profile targets, such as the Pentagon. Officials have reported recent attacks against agencies such as the Government Printing Office and the Government Accountability Office. Officials reported that some of these networks were so out of date that the hackers seemed unsure about how to navigate through the systems. Both the printing office and the accountability office released statements saying that no personal identification information had been compromised during the attacks.
Privacy Groups Urging Veto Of New Cybersecurity Bill
July 16, 2014 – Privacy groups including Access, the Electronic Frontier Foundation and Reddit signed a letter sent to President Obama urging him to veto the new cybersecurity bill, if it were to pass through Congress. The privacy groups are concerned that the Cybersecurity Information Sharing Act will increase the spying powers of the National Security Agency. The letter reads, “Legislation that focuses exclusively on facilitation of information sharing … jeopardizes the foundation of cybersecurity by improperly pitting human rights against security. We urge you to pledge to veto CISA and all future legislation that takes a similar approach.” The purpose of the bill is to have businesses and government agencies share information about potential hackers and security flaws in an attempt to learn best practices for defending against malicious activity.
Hamas Hacks Israeli TV Station
July 16, 2014 – Part of the Hamas organization known as the Izz al-Din al-Qassam Brigades is claiming responsibility for hijacking the Channel 10 television station in Israel. During the few minutes that the satellite was under their control, the hackers fed images of people wounded by Israeli air strikes on the Gaza region. They also broadcast a message saying that retaliating actions would be used if Israel did not stop the bombings. The message read, “If your government does not agree to our terms, then prepare yourself for an extended stay in shelters.”
High-Risk Vulnerabilities Found In New Mexico Health Insurance Exchange
July 16, 2014 – A Department of Health and Human Services (HHS) audit of the New Mexico Health Insurance Exchange has revealed several high-risk security vulnerabilities. The audit report has not been released yet, but the indication is that the vulnerabilities may have left patient information exposed for a long period of time. The CEO of the exchange, Mike Nunez, said, “We are working to address the issues identified in the audit with our systems integrator and have every expectation of holding all of New Mexico citizens' personal information in high regard and confidential.” The exchange has not yet suffered any attacks, and has not been required to notify any individuals about the vulnerabilities.
Haaretz, Israel's Largest Newspaper, Hacked By AnonGhost
July 15, 2014 – The hacker known as AnonGhost is claiming to have hacked a sub-domain of Haaretz, Israel's largest and oldest newspaper. AnonGhost defaced the page and left a defacement message against Israel and the bombings in Gaza. The sub-domain publishes news about the World Cup. At the time of this writing the page was offline.
WordPress Plugin Vulnerability Provides Backdoor
July 15, 2014 – Researchers have discovered a vulnerability in the WPtouch plugin for WordPress that allows a logged-in user with non-administrative privileges to upload PHP files to the server. A hacker can leverage the vulnerability to gain unrestricted access to the website by uploading a remote shell. The plugin has over 5.5 million downloads, but the vulnerability has only been found in versions 3.x. Those using older versions are not facing a threat from this vulnerability.
PharmaNet Breach Leads To Leak Of Patient Data
July 15, 2014 – PharmaNet, a Canadian prescription information network, has been breached and confidential information on over 1,600 patients has been compromised. The British Columbia Ministry of Health conducted an audit and discovered that an unknown, unauthorized person used a doctor's PharmaNet account without the doctor's knowledge and accessed the patients' personal information. The compromised information includes patient names, dates of birth, addresses, phone numbers and personal health numbers. The Ministry issued a statement saying, “While this privacy breach did not include banking information, enough information was accessed to be used for identity theft.” The investigation into the incident is ongoing.
UK Investing Billions In Cyber Defense
July 15, 2014 – British Prime Minister David Cameron has announced an investment of over $1.3 billion to improve cyber defense technology and surveillance equipment. Cameron stated that threats have changed since the Cold War, and today, the enemy may be seen or unseen. He said, “The plain fact is that in the 21st century, you cannot defend the realm from the white cliffs of Dover.” The focus of the investment will be on security against cyber attacks and the protection of the energy sector.
CNET Servers Breached
July 14, 2014 – The technology review website, CNET, has been breached by a Russian hacker known as w0rm. CNET issued a statement saying, “Here's the situation, a few servers were accessed. We identified the issue and resolved it yesterday. We will continue to monitor.” The hacker is currently trying to sell a CNET database for 1 Bitcoin; however, it is not clear what information the database contains. The same hacker was previously involved in a breach of the BBC last year.
AnonGhost Hacks Israeli Galilee Development Authority Site
July 14, 2014 – The hacker known as AnonGhost is claiming responsibility for the hacking and defacement of the Israeli Galilee Development Authority website. The defacement page contains a message of support for Palestine, urging other hackers, activists and human rights organizations to unite against Israel. At the time of this writing the site has been restored.
17-Year-Old Arrested For DDoS Attacks On Norway's Banks
July 14, 2014 – The Norwegian police have arrested a 17-year-old for last week's distributed denial-of-service attacks against the nation's banking institutions. The teen is accused of launching DDoS attacks against five major banks, two telecommunication companies, three airlines and one insurance company. The hacker claimed to be a member of the Anonymous Norway hacking collective; however, other members have said they are not connected with him. Police chief Frode Karlsen said, “He could have had help, but we don't think that he is a part of an organized group. We do not have any proof of this right now.” He is charged with gross vandalism, which has a maximum prison sentence of six years.
Vulnerabilities Found In Popular Password Protection Programs
July 14, 2014 – Researchers have discovered critical vulnerabilities in five popular password manager programs. The vulnerabilities found in My1Login, PasswordBox, LastPass, RoboForm and NeedMyPassword could allow attackers to steal user credentials. The vulnerabilities were found in features such as one-time passwords, bookmarklets and shared passwords. Different causes of the vulnerabilities have been identified, such as logic and authorization mistakes, misunderstandings about web security, cross-site request forgery (CSRF) and cross-site scripting (XSS). The researchers have notified each company about the vulnerabilities.
Houstonian Hotel Breach Leads To 10,000 Credit Cards Exposed
July 11, 2014 – The Houstonian Hotel, Club and Spa's computer systems suffered a security breach that lasted six months. The breach resulted in the credit card details of at least 10,000 customers being exposed. The hotel's IT Security Director, Jason Love, said that immediate action was taken to secure the customers' data once the breach was discovered. The total number of customers impacted is not known. The 10,000 customers that were notified are only those that provided contact details during their visit at the hotel. A criminal report has been filed with the Houston Police Department.
Gmail For iOS Man-In-The-Middle Vulnerability Discovered
July 11, 2014 – Researchers have discovered a vulnerability in the Gmail for iOS app that could allow an attacker to steal encrypted communications between the app and the server. The man-in-the-middle attack is possible because the app does not incorporate the legitimate certificate that validates the server receiving the communication. Attackers can use a fake certificate to impersonate the server and send all traffic through their systems, giving them access to the unencrypted communication. Google has not yet issued a patch for this vulnerability.
Tunisia's Online Voter Registration Interrupted By Hackers
July 11, 2014 – Tunisia's Electoral Commission issued a statement saying that the online voter registration process for the upcoming Parliamentary and Presidential elections was briefly interrupted by hackers. According to the statement, “an aggressive attack from a group of electronic hackers seeking to prevent citizens from registering,” caused registration on the Internet or by SMS to be temporarily suspended. The commission was able to restore the online process, however they warned that “the hacking attacks are still going on.” Only slightly more than 100,000 people have registered in the past month.
Shipping And Logistics Firms Targeted With Scanner Malware
July 11, 2014 – Chinese cybercriminals are believed to be installing malware on handheld scanners being sold to shipping and logistics companies from all over the world. The Zombie Zero malware is loaded onto scanners that are ultimately used by shipping and logistics firms to track their inventory. The malware is installed on the Windows XP operating systems embedded in the devices. Once the scanner starts being used, the malware sends information back to the command and control server in China. Once the scanner is hooked up to the company's wireless network, the malware has been observed compromising the victim's network.
Chinese Hackers Access US Federal Employees Database
July 10, 2014 – It is being reported that Chinese hackers have accessed the computer systems of the US Office of Personnel Management, and breached some of the agency's databases. Tens of thousands of files containing data on federal employees who applied for top-secret clearances were targeted. The compromised information includes employment records, foreign contacts, previous jobs and personal information such as past drug use and other offenses. A Department of Homeland Security official acknowledged that the breach occurred but said that they had not “identified any loss of personally identifiable information.”
POS Systems Being Targeted By Brute-Force Attacks
July 10, 2014 – Security researchers have discovered a group of cyber criminals that are leveraging thousands of infected computers to detect point-of-sale (POS) terminals that are accessed through the remote desktop protocol (RDP). Once the terminals are identified, the attackers are using brute-force attacks to crack their login credentials. The infected computers scan specific IP ranges in an attempt to locate vulnerable systems. The command and control servers associated with these attacks have been traced to Russia, Iran and Germany. According to reports, the attackers targeted a set of 57 IP address ranges, 32 of which are in the United States. The additional address ranges are located in the United Kingdom, Netherlands, Spain, Tunisia, South Africa, Saudi Arabia, Uganda and Ukraine.
Anonymous Norway Hits More Financial Organizations
July 10, 2014 – Earlier this week it was reported that members of Anonymous Norway had hit Norwegian bank DNB with a distributed denial-of-service attack. That attack lasted a little over an hour, but the hackers then launched attacks against several other financial organizations. Additional targets included Norges Bank, Sparebank 1, Storebrand, Gjensidige, Nordea, Danske Bank and Norway's largest telecom company, Telenor. It seems that the hackers exploited a security flaw in WordPress, which allowed them to push bad traffic to the servers of the targets. Anonymous Norway issued a statement saying that these attacks were “to get the community to wake up. The number of major IT security attacks is increasing and there is nothing being done to prevent such events.”
Over 2,300 Indian Websites Hacked By Indonesian Hackers
July 10, 2014 – The Indonesian hacking group known as Sanjungan Jiwa Team is claiming to have hacked and defaced over 2,300 Indian websites. A defacement page was left on the sites with a message saying, “Don't Steal!!! The Government Hates Competition. We Are Sanjungan Jiwa Team.” The defaced sites include several government and educational institutions. At the time of this writing most of the sites were down.
Senate Panel Approves Cyberthreat Info Sharing Bill
July 9, 2014 – The Senate Intelligence Committee has approved an amended version of the Cybersecurity Information Sharing Act of 2014. Sponsors of the Bill say that it will encourage the government and private sector to voluntarily share cyberthreat information. The Center for Democracy & Technology, a civil liberties advocacy group, has said that the bill has provisions that could turn the program into a back door wiretap by authorizing use of cyberthreat indicators for overly broad law enforcement purposes. This version of the bill will be introduced later this week.
Deep Panda Hackers Changing Focus
July 9, 2014 – Security researchers are reporting that the China-backed Deep Panda hacking group has shifted its focus to individuals with an association with Iraq and Middle East matters. The group previously had targeted people with an association to geo-political policy issues in the China/Asia Pacific region. The researchers say that the latest attacks occurred through the use of PowerShell scripts executed on Windows as scheduled tasks. It is believed that the victims of these attacks are highly targeted and the hackers know exactly who they want to compromise.
New Variant Of Zeus Malware Discovered
July 9, 2014 – Researchers have discovered a new variant of the Zeus malware being called the Zberp Trojan. Zberp is believed to have been created from the source code of Zeus and Carberp. The Trojan allows criminals to steal information from compromised computers including names, IP, data submitted in HTTP forms and FTP/POP accounts. The malware is also capable of taking screenshots and sending them to command and control servers. The malware is being spread through emails with a URL link to a .zip file, which contains Zberp.
Park Hill School District Leaks Data Of 10,000 Individuals
July 9, 2014 – Missouri's Park Hill School District officials have notified over 10,000 former employees and students that their private information has been exposed. It is not known how long the information was exposed, but the incident occurred between February and April. The officials say that there is no evidence that the information has been misused in any way.
National Security Think Tanks Targeted By Chinese Hackers
July 8, 2014 – According to a recent report the Chinese hacking group Deep Panda has been hacking U.S. national security think tanks. The hackers have been stealing confidential information related to U.S. foreign policy. Think tanks in the defense, finance, legal and government industries have been compromised by the group over the course of the last three years. Deep Panda has been exploiting vulnerabilities in Windows operating systems.
DNB Bank Site Down After DDoS Attack
July 8, 2014 – Members of the Anonymous Norway hacking collective have taken responsibility for taking down the Norwegian bank DNB's website with a distributed denial-of-service attack. DNB has reported the attack to the police and is taking the attack “extremely seriously.” Communication Adviser Vidar Korsberg Dalsbo said, “The website is partially down because of a DDoS attack, which means that there are log-in problems for some of our customers. We're working hard to get this solved and we believe we have localized where the attack is coming from.” Anonymous Norway did not provide a reason for the attack.
Russian Hacker Arrested By US Secret Service
July 8, 2014 – Roman Valerevich Seleznev, of Moscow, Russia, has been arrested by the U.S. Secret Service. Seleznev has been charged with hacking into point-of-sale systems at U.S. retailers and stealing credit card information between October 2009 and February 2011. According to U.S. prosecutors, Seleznev operated servers and international carding forum websites to facilitate the sale of stolen credit card information. The hacker is being charged with five counts of bank fraud, eight counts of intentionally causing damage to a protected computer, eight counts of obtaining information from a protected computer, one count of possession of 15 or more unauthorized access devices, two counts of trafficking unauthorized access devices and five counts of aggravated identity theft. In addition, Seleznev is facing a separate indictment in the District of Nevada for allegedly participating in a racketeer influenced corrupt organization (RICO), conspiracy to engage in RICO activities and two counts of possession of 15 or more counterfeit and unauthorized access devices. He is facing over 30 years in prison and over $2 million in fines if found guilty.
Netgear Vulnerability Gives Hackers Full Access
July 8, 2014 – Researchers have discovered a vulnerability in Netgear ethernet switches that could provide hackers with full access to the hardware, including the ability to execute arbitrary code. Netgear's GS108PE Prosafe Plus switches using version 188.8.131.52 contain hardcoded log-in credentials that could allow unauthenticated hackers to log in to the firmware. At this time there does not appear to be a workaround for the issue.
New WhatsApp Vulnerability Allows Message Manipulation
July 7, 2014 – Researchers have discovered a new vulnerability in the popular messaging app, WhatsApp. This vulnerability allows attackers to manipulate who is shown as the message sender on the recipient's phone. This type of vulnerability is seen as highly critical due to the increased use of WhatsApp messages as evidence in court. At this time no patch has been issued for the vulnerability.
Video Sharing Site Dailymotion Hacked
July 7, 2014 – The popular video sharing website Dailymotion has been hacked and visitors are being redirected to a malicious website that installs malware on the visitor's machine. The malicious site hosts the Sweet Orange Exploit kit, which exploits software vulnerabilities to infect the victim's machine with malware. The malware forces the infected computer to generate traffic to pay-per-click advertisements in order to generate revenue for the attackers.
Number Of North Korean State Backed Hackers Doubles
July 7, 2014 – According to military sources from South Korea, the number of government backed North Korean hackers has doubled over the last two years. The sources claim that there are now 5,900 “elite” hackers employed in the North Korean hacking unit. South Korea has accused North Korea of launching malware attacks against banks, media and government websites. North Korea has denied all of these allegations and says that South Korea is just fueling diplomatic tensions.
Lea Michele's Twitter Account Hacked
July 7, 2014 – The Twitter account belonging to Glee actress Lea Michele has been hacked and false messages have been sent. The hacker sent out a message saying that Michele was pregnant. The star has denied that she is pregnant and says the hacking was her fault due to her weak password. No one has claimed responsibility for the hack at this time.
Anonymous Threatens Action Over Pending Cyber Information Legislation
July 3, 2014 – The hacktivist collective Anonymous has threatened American congresspersons over a pending cyber security bill. Releasing two videos and several reports over social media against the pending CISA bill, Anonymous has said, "It has come to our attention that Congress is planning to pass a bill that will jeopardize privacy and personal security across all forms of media. We would like to inform you that despite our direct and crippling attacks on former cyber security bills like SOPA, PIPA, and CISPA, there is yet a new threat." Though Anonymous is famed for its various defacements and hacks against cyber-targets, this current action by the group also involves calling for massive on-the-ground protests. The Cybersecurity Information Sharing Act (CISA) enables the government and private companies to share information on security, attacks, and users.
SEC Examining Firms Over Hack Disclosures
July 3, 2014 – The Securities and Exchange Commission is investigating several companies that have been hit with cyberattacks, and the process they used to inform investors of the breaches and their impacts. Currently there is no official requirement public companies must comply with when their systems are hacked, but they do have to inform investors about events that could influence stock trading decisions. The findings of this investigation will be used by the SEC to create regulations designed to protect affected parties in the future.
Finland Announces It Has Been Hacked
July 3, 2014 – The government of Finland has announced that state-sponsored hackers have stolen a large amount of data over the last few years. At its press conference, the government accused government agents of being responsible but refused to name any specific country. The stolen data had the potential of impacting international negotiations, though the government reported that classified documents were not accessed. Surveillance programs were discovered on several Foreign Ministry computers, and new features have been added to its servers to increase security.
1.7 Million Sites At Risk Thanks To WordPress Plugin Flaw
July 3, 2014 – MailPoet, a WordPress plugin with over 1.7 million users, has been discovered to contain a flaw that allows a hacker to upload any file they wish to the site's server. Designed to ease the sending of newsletters to subscribers, MailPoet's flaw comes from a misunderstanding of how the "admin_init" hook is enabled when a user attempts to visit the administrative page of MailPoet's plugin. All versions are vulnerable except for the patched one released after this bug was discovered, and experts urge an immediate update. This is the second WordPress plugin vulnerability discovered this week, as it was reported earlier that the thumbnail plugin TimThumb allowed hackers to execute any code they wished on an infected website.
POS Provider Discovers Unauthorized Access To Payment Cards
July 2, 2014 – Information Systems & Supplies Inc., a distributor of POS (point of sale) and security systems, has sent a letter to customers informing them of a potential payment card information leak. The company has not disclosed the number of machines impacted, though it is possible that all payment card information at every POS it built has been compromised. Known victims include Dairy Queen, Buffalo Wild Wings, and Taco Time restaurants in the North West United States. The company discovered three unauthorized accesses to its remote access system which would have given the hacker nearly unlimited access to its payment files. The company and its remote-access partner have added additional security.
HotelHippo Website Taken Down After Several Critical Flaws Discovered
July 2, 2014 – Researchers have discovered an array of security flaws with HotelHippo, the hotel-booking site, that have resulted in it being temporarily shut down. The vulnerabilities found allow hackers to extract customer data - including hotels booked, the duration of the stay, room numbers and the number of people traveling. Though HotelHippo used an HTTPS URL, the booking number was sequentially generated and provided in the URL itself. Another vulnerability allowed researchers to obtain the billing address of a user, and another revealed the check-in date and time, along with other information, when the confirmation link was sent over an insecure connection. If hackers gained access to this information it would provide the groundwork for sophisticated phishing attacks and expose the location of victims. The website was taken offline only after the researcher reported his findings several times.
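The booking-number weakness described above can be illustrated with a short added example (not code from HotelHippo or from the original report): a store that hands out sequential booking numbers and returns any record to any caller, beside a hardened store that issues unguessable references and checks ownership on every lookup. The class names, fields and sample bookings are constructed for illustration.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Booking:
    reference: str
    owner_id: str
    hotel: str
    check_in: str


class SequentialBookingStore:
    """Weak pattern: predictable references and no ownership check."""

    def __init__(self):
        self._next = 100001
        self._by_ref = {}

    def create(self, owner_id, hotel, check_in):
        ref = str(self._next)  # the next customer gets ref + 1
        self._next += 1
        self._by_ref[ref] = Booking(ref, owner_id, hotel, check_in)
        return ref

    def fetch(self, reference):
        # Anyone who knows (or guesses) the number sees the booking.
        return self._by_ref.get(reference)


class HardenedBookingStore:
    """Random references plus an authorization check on every read."""

    def __init__(self):
        self._by_ref = {}

    def create(self, owner_id, hotel, check_in):
        # 16 bytes (128 bits) from the OS CSPRNG, URL-safe encoded.
        ref = secrets.token_urlsafe(16)
        self._by_ref[ref] = Booking(ref, owner_id, hotel, check_in)
        return ref

    def fetch(self, reference, session_user_id):
        booking = self._by_ref.get(reference)
        # Same answer for "no such booking" and "not your booking",
        # so the response does not confirm that a reference exists.
        if booking is None or booking.owner_id != session_user_id:
            return None
        return booking


def demo():
    """Run both stores on constructed sample bookings."""
    weak = SequentialBookingStore()
    a = weak.create("alice", "Hotel Example", "2014-07-10")
    b = weak.create("bob", "Hotel Sample", "2014-07-12")
    weak_is_sequential = int(b) == int(a) + 1
    weak_leaks = weak.fetch(b) is not None  # no caller identity needed

    strong = HardenedBookingStore()
    ref = strong.create("bob", "Hotel Sample", "2014-07-12")
    return {
        "weak_is_sequential": weak_is_sequential,
        "weak_leaks": weak_leaks,
        "owner_can_read": strong.fetch(ref, "bob") is not None,
        "other_user_can_read": strong.fetch(ref, "alice") is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The random reference alone is not the fix: the ownership check is what keeps a leaked or forwarded confirmation link from exposing another customer's stay.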
Anti-Piracy Website Hacked, Replaced With Pirate Bay Proxy
July 2, 2014 – The website of an anti-piracy organization in Argentina has been hacked and transformed into a Pirate Bay proxy site. The Argentinean equivalent of the Recording Industry Association of America, the Argentine Chamber of Phonograms and Videograms Producers, had its content replaced with links to torrents and other content available on the Pirate Bay. The attack seems to have happened after the group won an injunction in court that demanded 11 internet service providers block 256 IP addresses and several domains belonging to the torrent website. No one has claimed responsibility for the hack.
Two Chinese Students Prosecuted For Changing Gym Records
July 2, 2014 – Two students from the Lixin University of Commerce in Shanghai, China, have been arrested for hacking into the school's database and changing the physical education records of students for a price. The school requires that all male students complete twenty 1,500-meter runs per semester, and that female students complete eighteen. If students fail to do so they fail the class, and the runs are tracked by swiping the student card in the gym. Fearing he would fail, one student hacked into the database and adjusted his records. Once another student found out, they partnered together to gather students and charged them a fee for a record change. The university has pressed charges against the students.
Energy Firms Targeted By Dragonfly
July 1, 2014 – Over 1,000 energy companies in North America and Europe have been breached by a malware attack launched by the Eastern European hacking group known as Dragonfly. The malware attack struck companies in eighty-four countries, with most of the targets located in the United States, Spain, France, Italy, Germany, Turkey and Poland. Dragonfly is known to have been targeting companies that use industrial control systems to manage electrical, water, oil, gas and data systems since 2013. Experts believe that Dragonfly is a state-sponsored group due to their high degree of technical abilities.
Houston Astros Suffer Data Breach, Trade Information Disclosed
July 1, 2014 – The computer network of the Houston Astros baseball team has suffered a data breach. Among the information stolen were internal trade talks. The system accessed is named "Ground Control" and is used by the Astros to provide communication and private player statistics and video to players, employees, and other important parties. All files accessed have been made public by the attackers. An investigation has been launched to find the hacker or group of hackers.
Twitter Of Rio De Janeiro Police Hacked, Bomb Threat Left
July 1, 2014 – The official Twitter page of the Rio De Janeiro police force has been hacked, with the attackers posting a message about a bomb threat to one of the World Cup stadiums. It took roughly an hour for the tweet to be deleted, and the office of the President was forced to make a statement stating that it was false. No one has yet taken responsibility for the hack, and its 'prank' nature does not match the other hacks by Anonymous, which is currently targeting Brazilian websites and the websites of the sporting event's sponsors.
Green Dragon Crew Claims Responsibility For Attacking Ukraine's Largest Commercial Bank
July 1, 2014 – A hacker group known as the Green Dragon Crew has announced that they are responsible for a recent cyber attack on Privatbank, the largest commercial bank in Ukraine. The attack in question centered on a prolonged distributed denial-of-service attack that left the bank's sites inaccessible. Green Dragon Crew also claims to have breached the bank's systems and obtained customers' bank account information, though this has not been confirmed by the bank itself. The group claims it targeted the bank because its owner is participating in the ongoing internal conflict in South-East Ukraine. It released a statement to the media explaining that customers who use the bank "co-finance the killings of civilians in Donetsk and Lugansk since [the owner] finances the war and profits from it, selling the army fuel at triple the prices."
Syrian Electronic Army Defaced Israeli Defense Force's Blog
June 30, 2014 – The Syrian Electronic Army hacker group has taken responsibility for hacking and defacing the official blog of the Israeli Defense Forces. The group uploaded a message denouncing Israeli actions against Palestinians and attacking the country for its interference in the ongoing civil war in Syria. The official blog of the Israeli military is a popular site in the country, offering news, updates, policy, and media content to the public in regards to military developments. It is unclear how the Syrian Electronic Army gained access to such a high visibility target, though the site has since been restored.
Anonymous Announces Campaign Against ISIS
June 30, 2014 – Members of the hacktivist collective Anonymous have announced that they will carry out cyber attacks against countries supporting ISIS - the Islamic State of Iraq and Syria. Anonymous is calling the campaign 'Operation NO2ISIS' and is planning to initiate efforts next week by targeting sites belonging to Saudi Arabia, Turkey and Qatar. One member is quoted as saying, "In the next few days we will begin defacing the government websites of these countries so that they understand." It also appears that at least one Anonymous-affiliated Twitter page was hacked by a person supporting ISIS, with the collective noting that the hacker's methods are very similar to those of the Syrian Electronic Army.
Another Plugin Leaves 1.3 Million WordPress Users Vulnerable
June 30, 2014 – Another massively popular plugin for WordPress has been discovered to contain a crucial security flaw. Disqus is a web comments and discussion plugin that assists site owners in managing user interactions and is currently used on 1.3 million sites. The flaw in question involves Remote Code Execution, which allows any user to execute commands on the server using malicious PHP code. The flaw has been reported as a simple and dangerous vulnerability that requires all users to update both WordPress and the plugin itself to the latest versions to fix the problem. If exploited, a hacker could gain complete access to the website.
New EMOTET Malware Scans Outgoing Network Traffic For Banking Details
June 30, 2014 – Researchers are reporting on a new piece of banking malware that is capable of scanning entire networks for financial information. The malware logs all outgoing network traffic, and importantly is capable of extracting information sent over secure connections because of the way it integrates itself into an infected computer. Nicknamed EMOTET, the software has been delivered through malicious e-mails pretending to discuss financial transactions. Though it logs all network traffic, it appears EMOTET is specifically looking for outgoing financial login credentials. It is currently targeting German banks, and seems designed to avoid detection by hiding stolen information in the system's registry instead of in a hidden file.
Enterprise DDoS Attacks Up 11% Since Last Year
June 27, 2014 – A report recently released by Akamai shows that distributed denial-of-service attacks against enterprises have risen 11% when comparing the first quarter of this year against the first quarter of 2013. Of the companies surveyed, twenty-six percent of organizations that suffered DDoS attacks were hit with repeat attacks. One organization suffered 17 distinct attacks against one target, which was the highest number of repeat attacks reported.
Vendor Hack Leads To Data Leak For University of California, Washington Center
June 27, 2014 – The University of California, Washington Center has reported that a hacker has accessed information stored on its pre-enrollment system hosted at GoSignMeUp. GoSignMeUp is a cloud-based online course registration system. The compromised information includes usernames, passwords, addresses, email addresses and dates of birth of the university's alumni. The school is currently working with GoSignMeUp to increase the security of their user data.
Hacker Pleads Guilty To Hacking Law Agencies
June 27, 2014 – Cameron Lacroix of New Bedford, MA, has pleaded guilty to hacking the computer networks of law enforcement agencies across the United States, and obtaining stolen credit and payment card numbers. He has been charged with two counts of computer intrusion and one count of access device fraud. Lacroix obtained and possessed payment card information for more than 14,000 individuals including names, addresses, dates of birth, social security numbers, email addresses and bank account and routing numbers. He also admitted to breaching a server of a local Massachusetts police department and repeatedly breaching servers of other law enforcement agencies across the country. Lacroix is scheduled to be sentenced on October 27th.
Thousands Of Koreans Have Banking Information Stolen By Malicious App
June 27, 2014 – Thousands of people living in South Korea have had sensitive information related to their banking accounts stolen by a malicious app in the country's specific Android app market. The app contains a virus that, when installed, automatically begins scanning for official online banking software, prompts the user that the app needs to be updated, and then replaces it with another malicious application. The new application will ask for usernames and passwords, banking card information, and other details and, once it has acquired them, will delete itself from the phone. The application that is first installed and then loads the virus into the Android device varies - from popular games to utility apps that are for various reasons not officially available through Google and must instead be installed from unofficial Android markets. On some days, over 6,000 South Koreans become infected by the virus.
Public Health & Human Services Breach Compromises 1.3 Million
June 26, 2014 – The Montana Department of Public Health and Human Services (DPHHS) has suffered a data breach. Hackers were able to access a server and compromise sensitive information belonging to 1.3 million individuals. The compromised information includes names, addresses, dates of birth and social security numbers. Upon discovery of the breach, DPHHS officials immediately shut down the server and contacted law enforcement.
European SCADA Systems Hit With Havex Malware
June 26, 2014 – Researchers have discovered a new Stuxnet-like malware, known as Havex, which has been used in a number of cyber attacks against energy organizations. Havex is programmed to infect the industrial control system software of SCADA and ICS systems. It appears that the hackers are using the malware to harvest data from infected machines used in SCADA/ICS systems. Researchers believe this indicates that the attackers are not just trying to compromise the networks of companies, but they also want to control the SCADA/ICS systems.
New Zero-Day Puts Thousands Of WordPress Blogs At Risk
June 26, 2014 – A new zero-day vulnerability has been discovered in TimThumb, a popular image resizing library used in thousands of WordPress themes and plugins. The vulnerability resides in TimThumb's Webshot feature, and allows attackers to execute commands on a remote website. A hacker can execute a simple command that will allow them to create, remove and modify any file on a victim's server. TimThumb users can disable the Webshot feature.
BBC App Hacked
June 26, 2014 – The BBC News reader app for iPhones was hacked and used to send fake “Breaking News” notifications. The BBC issued an apology after the fake news item was sent out, saying, “We apologize for previous two test push notifications from BBC News which were sent in error.” Some security experts believe that the app was not actually hacked, but the hackers exploited the way in which the BBC feeds in breaking news alerts to push them out to the users.
Hackers Attack European Bank, Steal $700,000 In One Week
June 25, 2014 – Security researchers are alerting the public to a cyber attack in Europe where criminals were able to steal roughly $700,000 in just one week. Over 190 customers of the bank have been identified as victims; the majority of them hail from Italy and Turkey. According to the researchers the criminals deleted all evidence that could have been used to track them down and carried out the attack by using a Trojan that intercepted financial information and executed banking transactions as soon as the victim logged onto their bank's online portal. The attack has been codenamed the Luuk campaign and the researchers believe the attackers will strike again.
Anonymous Targeting EU Sustainability Week Site
June 25, 2014 – Members of the Anonymous collective are claiming to have breached the EU Sustainability Week website. The hackers claim to have compromised 10,000 accounts belonging to companies and governments involved in the high level policy conference. Anonymous issued a press release saying, “This operation aims to underline the hypocrisy and deceit of the financial powers in Europe. Today begins the week of marketing energy, and sustaining profits for the biggest companies. The event is organized by the European Union, however, the list of accounts that we have stolen from the database . . . indicates that high profile companies are also involved in the profitable destruction of ecosystem.” Anonymous is calling on all hackers to join in the attacks under the campaign OPGreenRights.
Pakistani Protesters Take To Website Defacement Against Police Brutality
June 25, 2014 – Pakistani hackers have increased their defacement of government and private-industry websites following a string of perceived brutality against protesters. The official website of the Directorate General Public Relations - a major website of the Government of the Punjab region - has been hacked and defaced, with its content replaced with a picture of police beating an unarmed youth and a message accusing police of killing innocent people. Team Pak Cyber Experts claimed responsibility for the attack. The Pakistan Haxors Crew took down the website of the Pakistan Electric Power Company just a few days earlier, also in protest of police brutality.
At Least One GameOver Zeus Campaign Escapes Law Enforcement Crackdown
June 25, 2014 – Despite the international coordination of law enforcement and private security firms that took down most GameOver Zeus servers, researchers have discovered a new campaign - codenamed Citadel - that used the trojan to create a new botnet system of infected computers. The new campaign acts similarly to old ones - infecting computers with ransomware that demands payment to unlock the devices, stealing financial and personal information, and connecting the computer to a network of other infected devices to be used in targeting other networks. It is unknown how this campaign escaped the law enforcement crackdown, though experts believe the criminals have slowly changed the malware versions used in the campaign as a means of making it more efficient.
Major Video Game Company Suffers Massive DDoS Flood Attack
June 24, 2014 – An unnamed video game company's website suffered a massive distributed denial-of-service attack that brought nearly 110Gbps worth of traffic in an attempt to shut it down. The attack is reportedly still ongoing. Though security experts are not revealing the name of the company, it is said to be one of the larger and more well-known companies rather than an independent developer. The attack is the most recent DDoS flood attack to be discussed by researchers, and many believe the trend of rushing servers with tremendous amounts of traffic will only continue as the number of botnets - or completely compromised computers - continues to grow worldwide.
Industrial Sector Targeted With Havex Trojan
June 24, 2014 – Havex, a remote access Trojan typically targeting the energy sector, has been found to have infected several industrial control systems. Over 88 variants of Havex have been discovered and all contain the potential to completely take over a user's machine and steal data. By targeting industrial control systems, experts believe criminals are trying to gain access to industrial electrical, water, gas, oil, and data supplier machines. Over 1,500 infected machines have been identified, and the malware is delivered by compromising the websites of ICS vendors - so that users' computers are infected when they check for updates or browse for additional products - as well as through spam and phishing campaigns. Security experts believe this is more about cyber espionage than an attempt to gain payment information, in part because of the sophistication of the software, and because the systems it targets provide complete access to industrial data and transmit information on hardware to infected servers rather than information such as credit card data.
British Gas Twitter Page Hacked
June 24, 2014 – The customer help page on Twitter for the company British Gas has been hacked. Customers have been receiving strange tweets and links to phishing websites. The account began to post links to what it claimed was interesting content, only for users to be redirected to a fake Twitter page that requested their login credentials. The company's Twitter page was verified and had a reputation for interacting with customers, so it is unknown how many victims clicked on the links and gave out their information.
Alabama Police Department Infected With Ransomware
June 24, 2014 – The computer system at the Collinsville, Alabama Police Department has fallen victim to ransomware. Delivered through a phishing campaign, the ransomware spread quickly through the station's computer network and ultimately infected seven machines. Among the information encrypted and held for ransom were mug shots and photos/videos meant to be used as evidence. The department is unsure if its backup system is working properly, and has promised not to pay the ransom - even if it means having to rebuild their network and files from scratch. In part because of the plethora of files and e-mails police stations receive from outside groups - other departments, lawyers, victims, community groups - experts warn that police stations are extremely vulnerable to phishing campaigns.
Reuters Attacked By Syrian Electronic Army
June 23, 2014 – Reuters suffered an attack on Sunday when all visitors to their website found themselves redirected to a page controlled by the Syrian Electronic Army. The webpage users were brought to contained a simple message that read, "UK government is supporting the terrorists in Syria to destroy it, Stop spreading its propaganda." Though the hack impacted Reuters, it appears fault lies with the Taboola advertisement firm that creates many of the advertisements on the news organization's webpage. The company reported that a phishing campaign released passwords to the hackers who then exploited dynamic code features of some advertisements to redirect all visitors of the Reuters website.
Hedge Fund Loses Millions To Sophisticated Cybercriminals
June 23, 2014 – An undisclosed hedge fund in the United States suffered millions of dollars worth of damage when cybercriminals gained access to their trading system. In what has been described as a sophisticated attack, the criminals installed malware on the computers of traders by specifically designing an infected e-mail that contained information about capital markets that a hedge fund worker would want to read. Afterwards, the malware would send all information about active trades to a server so that the criminals could profit off of the data. Though the company's trade would still go through, the malware delayed its execution enough that the criminals could 'buy' or 'sell' on the market first, giving them priority on prices. The company estimates it lost millions of dollars in damages because the criminals' trades altered the price of their own actions.
Code Spaces Shutting Down Due To Extortion Attempt
June 23, 2014 – Code-hosting provider Code Spaces was brought down when hackers gained access to the Amazon Elastic Compute Cloud (EC2) control panel of the site. EC2 and Code Spaces are part of the Amazon Web Services, which allow customers to rent virtual computers where they can run, test, and develop code. The service first suffered a distributed denial-of-service attack that shut down its servers, and was ultimately revealed to be part of an extortion attempt by cyber criminals. When administrators attempted to gain access to the system, the extortionist responded by deleting large amounts of data belonging to both the company and customers. According to a spokesperson: "We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI's, some EBS instances and several machine instances". Code Spaces has announced it will now shut down, with the financial burden of rebuilding their data and refunding customers beyond its capabilities. Their spokesperson added, "In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted."
Bitminer Facebook Trojan Spreading Fast
June 23, 2014 – A new malware campaign spreading on Facebook targets European and Indian users in an attempt to turn their computers into bitcoin mining machines. Security researchers are alarmed at the speed of the malware's spread. Victims receive a private message from a trusted 'friend' with the message "hahaha" and a file attached that masquerades as an image but is really a zip file. Once clicked on, various pieces of software are installed through a Dropbox executed link that enables the hackers to install everything they need to take over the victim's computer. Experts suggest that the attack may be ineffective at mining - as most laptops and computers are not powerful enough to be efficient - and that the attackers may switch to installing other malware that would steal other information from the victims.
American Express Notifies Customers Of Two More Data Breaches
June 20, 2014 – American Express is warning customers that it was once again the victim of a data breach that revealed various bits of information to hackers. This makes the second and third time in one month that the credit card company has been forced to deal with such data leaks. Names, account numbers, and card information were exposed when hackers gained access to a merchant's system, but no social security information was revealed. It is believed that one of the breaches resulted from a hack of a hotel and hospitality company which was discovered in January, and the other comes from a luxury service company. American Express has not personally released any more details about the breach.
American Airports Targeted By State-Sponsored Hackers
June 20, 2014 – A new report has identified a long-standing operation by state-sponsored actors to spy on aviation systems at 75 U.S. airports. Law enforcement officials were able to identify and stop the attack in its early stages, but not before two airports had their security systems breached. Various aviation officials were targeted by sophisticated phishing campaigns that attempted to install malicious code on networks. It has not been made public if the attack was centered on just understanding how the infrastructure in the U.S. worked or if attackers were attempting to gain cargo and passenger manifests. Through coordination with industry and cybersecurity agencies, all infected networks were cleared and all airports were alerted to the attack. It is unknown what information was obtained or what actions were taken in the two infected airports, which were not identified.
SEA Defaces UK's The Sun And Sunday Times Websites
June 20, 2014 – The Syrian Electronic Army (SEA) has breached and defaced the websites belonging to two UK newspapers – The Sun and the Sunday Times. Both sites displayed the following message, “Hacked by Syrian Electronic Army – Stop publishing fake reports and false articles about Syria! UK government is supporting the terrorists in Syria to destroy it, Stop spreading its propaganda.” Both sites were restored after a few minutes. A spokesman for the newspapers said, “We were back up within 20 minutes of the attack.”
Historical DDoS Attack Hits Hong Kong Democracy Movement On Eve Of Referendum
June 20, 2014 – A pro-universal suffrage democracy organization in Hong Kong known as Occupy Central has suffered what some are calling one of the largest and most persistent distributed denial-of-service attacks in the history of the internet. Occupy Central is pushing for democratic reform in the Chinese city-state that calls for the right for citizens to directly elect candidates running for office. Under the attack, the organization's website - which is running an unofficial referendum of Hong Kong citizens - has been suffering stability issues and in many cases could not be loaded by users. It is being reported that the organization's website is "battling 300Gbps+" worth of DDoS attacks and that even more sophisticated attempts to bring down the site were occurring. The Popvote.hk site received over 1 billion hits in a short period of time. The online and in-person referendum is taking place Friday and Saturday. The organization has refused to place blame on China, saying instead that it is the doing of persons who simply do not want free elections in Hong Kong.
Tumblr and Pinterest Blogs Compromised By Redirecting Spam Script
June 19, 2014 – A large number of Tumblr and Pinterest social media blogs have been compromised by a redirection script that takes visitors to a spam site highlighting a fake miracle diet pill. Researchers discovered that in the case of Tumblr, a script implanted on the compromised sites and hosted on the file-sharing service Dropbox activates when a user goes to the blog and immediately redirects them to a fake version of Women's Health Magazine's website. In the case of Pinterest, the script also exploited the service's connection to Twitter to repeatedly send out the diet-pill spam on multiple accounts. It is still unknown how the accounts were compromised.
Ancestry.com Suffers Crippling DDoS Attack
June 19, 2014 – Ancestry.com, one of the world's largest ancestry research providers, has suffered a large distributed denial-of-service attack that temporarily shut down its services. The cause and reason for the attack are unknown. Ancestry.com and its subsidiaries serve over 2 million paying online users, and since the attack the services have been available only sporadically, with the company announcing that it is still not fully restored days after the attack started on Monday. Ancestry's Chief Technology Officer wrote to customers saying, "Your data was not compromised by this attack. This attack overloaded our servers with massive amounts of traffic but did not impact or access the data within those servers."
City of Manila Suffers Anti-Semitic Defacement By Turkish Hackers
June 19, 2014 – The official website for the city of Manila, capital of the Philippines, has been breached by a group of Turkish hackers. Going by the handles VirtuaL & DARKWAR2, the hackers defaced the page and replaced its content with anti-Israeli, anti-American images, along with a message that read "Freedom For All Muslims" followed by profanity. The group left a list of several other sites the hackers have defaced. It is unknown why Manila's site was targeted, though the hackers' history suggests it may have been chosen at random.
LinkedIn's Failure To Require HTTPS Connection Leaves Millions Vulnerable
June 19, 2014 – Security researchers have discovered that millions of LinkedIn users are at risk of man-in-the-middle cyberattacks due to weak Secure Sockets Layer (SSL) encryption. Though users log in using an HTTPS connection, which typically secures encrypted credentials, the company is not using HTTP Strict Transport Security (HSTS), which prevents any information from traveling over a non-HTTPS connection. Hackers who manage to install malicious software on a public network (such as a wireless router) or on a specific device can redirect users' traffic for LinkedIn from HTTPS to HTTP, allowing them to then steal the cookie that stores the login credentials for the site and gain access. Such attacks can only be prevented by requiring all logins to happen over HTTPS, and not just offering it as the default method of signing in.
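A site owner can check for the two gaps described above, a missing Strict-Transport-Security policy and session cookies that lack the Secure attribute, by auditing response headers. The following is an added example, not code from LinkedIn or the researchers; the function names, the one-year `min_max_age` threshold and the sample responses are assumptions constructed for illustration.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None if max-age is unusable."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not max_age.isdigit():
        return None  # max-age is the one required directive
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in directives,
    }


def cookie_flags(set_cookie):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(scheme, headers, min_max_age=31536000):
    """headers is a list of (name, value) pairs; returns finding codes.

    min_max_age (one year, in seconds) is an assumed policy threshold.
    """
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore an HSTS header received over plain HTTP.
        findings.append("served-over-http")
    elif not hsts:
        findings.append("hsts-missing")
    else:
        policy = parse_hsts(hsts[0])  # only the first header is honoured
        if policy is None:
            findings.append("hsts-invalid")
        elif policy["max_age"] == 0:
            findings.append("hsts-disabled")  # max-age=0 clears the policy
        elif policy["max_age"] < min_max_age:
            findings.append("hsts-short-max-age")
    for k, v in headers:
        if k.lower() == "set-cookie":
            name, attrs = cookie_flags(v)
            if "secure" not in attrs:
                # Without Secure, the cookie is also sent over http://
                findings.append("cookie-not-secure:" + name)
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_LOGIN = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=constructed-value; Path=/; HttpOnly"),
]
HARDENED_LOGIN = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=constructed-value; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    print(audit_response("https", WEAK_LOGIN))
    print(audit_response("https", HARDENED_LOGIN))
```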
AnonGhost Planning Friday Attacks On Energy Firms
June 18, 2014 – The hacking group known as AnonGhost has announced that they will be launching attacks on oil, gas and energy companies globally on Friday. The hackers said, “Petrol is sold in US dollars and Saudi Arabia has betrayed Muslims with their cooperation. So why isn't petrol sold with the currency of the country which exports it? Because the Zionists own us like that.” The planned attacks are a continuation of the OpPetrol campaign that began in 2013.
FBI Arrests NullCrew Member
June 18, 2014 – Timothy Justin French, a 20-year-old from Tennessee, has been arrested by the FBI and charged with federal computer hacking for allegedly conspiring to launch cyber attacks on five organizations. French is known as the hacker Orbit, a member of the NullCrew hacking group which has claimed responsibility for dozens of hacks against corporations, educational institutions and government agencies. According to the FBI, they have been working with confidential witnesses to communicate with members of NullCrew in chat conversations. During these communications NullCrew members disclosed past, present and future attacks and current methods used in attacks. Using this information, agents were able to trace five attacks to French. If French is convicted he will face a maximum sentence of 10 years in prison and a $250,000 fine.
AT&T Confirms Data Breach
June 18, 2014 – AT&T has confirmed that it suffered a data breach in April in which hackers compromised several mobile customers and stole personal information including birth dates and social security numbers. The number of customers impacted was not disclosed, however a California law requires disclosure if an incident affects at least 500 customers in the state. AT&T also did not give a reason as to why it took so long for them to disclose the breach. The company issued a statement saying, “AT&T’s commitment to customer privacy and data security are top priorities . . . employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization between April 9 and April 21, 2014, and, while doing so, would have been able to view your social security number and possibly your date of birth.” It is believed that these alleged employees were attempting to obtain unlock codes for devices so they could remove the devices from AT&T's network and sell them to second-hand markets around the world.
Hackers Access UK Government Intranet
June 18, 2014 – Francis Maude, the UK's Minister for the Cabinet Office, said that the UK Government's internal network was breached recently, when attackers gained access to a system administrator account. According to Maude, the hackers were a state-sponsored group that was detected and fended off in the early stages of the attack before any damage was caused. He said the efficient defense was thanks to “brilliant people working to keep us safe . . . drawn from GCHQ and the security services, the armed forces, the police and National Crime Agency, the civil service, and of course the private sector too.”
Evernote Suffers Forum Security Breach
June 17, 2014 – Following an attack on the servers that run its popular note-taking service, which temporarily brought down the software's network, the discussion forums of Evernote have been hacked and the login credentials of many users exposed. The breach may have allowed hackers to gain access to some administrative functions and profile information, including login credentials, e-mails and, in some cases, birthdays of users who created their accounts in 2011 or earlier. Evernote has stressed that its own servers have not been breached and that the vulnerability was on the side of the private service that assists in hosting its forum. It is unclear if this attack is related to the distributed denial-of-service attack that targeted Evernote last week because it refused to pay an extortion fee to a hacker.
Anonymous Resumes Attack On World Cup In Brazil
June 17, 2014 – Following a lull in hacking activity by Anonymous despite its pledge to punish the Brazilian government and the sponsors of the World Cup, Anonymous has launched a series of cyber attacks as part of its OpWorldCup. Most attacks resulted in a leak of employee credentials and contact information: Globo TV Brazil (169 e-mails and names of journalists and employees), the Brazilian federal government (450 names and login credentials of employees), the Regional Electoral Court of the Amazon (e-mails and encrypted passwords of various officials), and the Power Plants of Northern Brazil (names, e-mails, and phone numbers of 3,400 users) were all victims. Anonymous also claims to have administrative access to the official portal of the federal police in Brazil and has attacked several other smaller targets. In support of the hacktivist collective, a group of Tunisian hackers have also attacked the database of Cemig Telecom, releasing the names and e-mails of 1000 employees and customers.
Iraq Terminates Internet Amid Violent Civil Crisis
June 17, 2014 – Researchers have identified two large internet outages throughout Iraq last week and have tied the moves to an attempt to stem the use of broadband technology by the militant group ISIS that has taken over large areas of territory. Sources in the Iraqi government have admitted to using the shutdowns in the hope of hindering coordination of violent attacks. The Internet has been shut off in Iraq before, most recently this fall, when a pricing dispute between retailers and the government led to the government attempting to stifle traffic as a sign of strength, only for the retailers to re-connect via a broadband connection to Turkey. It does not appear that ISIS has launched cyber attacks against the Iraqi government; the outages appear intended only to prevent communication by the group.
New Trojan Targets Banking Information By Duplicating Browsing Activity
June 17, 2014 – A new remote access Trojan has been discovered and is believed to target banking and financial services websites in part because of its ability to steal otherwise secure and encrypted browsing information. Nicknamed Dyre or Dyreza by security experts, the Trojan forces a user's browser to send all information to two destinations instead of one - first to several corrupted servers owned by the hacker, and second to the legitimate site. To the user, the browser activity will appear normal and the address bar will continue to show "https" for secure sites. However, all information - including cookies - is being duplicated and sent freely to the corrupted servers, making it possible for cybercriminals to log in as the user and gain access to their financial information. The malware appears to be spread by spam and phishing campaigns and is targeting Bank of America, Citigroup, and the Royal Bank of Scotland.
Report Suggests Chinese Military Hackers Did More Than Steal Corporate Secrets
June 16, 2014 – A new report shows that Chinese military-backed hackers conducted espionage campaigns against American utilities, studying everything from command-and-control systems to guard patrols. Though the U.S. only publicly charged several Chinese officials with infiltrating computers to steal corporate secrets, the released documents suggest that the same hackers are responsible for infiltrating public utilities and stealing operational data as well. Rep. Mike Rogers, chairman of the House Intelligence Committee, said: "This is as big a national security threat as I have ever seen in the history of this country that we are not prepared for." National security experts are warning these particular hacks go beyond espionage, intelligence gathering, and attacks on corporate entities because they model the mapping of infrastructure in the lead up to traditional warfare.
Hackers Hold Domino's Pizza France Customer Data Ransom
June 16, 2014 – Hackers going by the shared handle of Rex Mundi have breached the servers of Domino's Pizza in France and Belgium, stealing over 600,000 records. The group announced the success of their attack and demanded $40,000 USD from Domino's Pizza France, threatening to release the data otherwise. Stolen information includes names, phone numbers, addresses, e-mail addresses and passwords. The company reassured customers that credit card data was not stolen, but did warn that the information Rex Mundi did have could be used for phishing attacks.
Over $600,000 in Dogecoins Mined From Infected Network Access Boxes
June 16, 2014 – A hacker has managed to mine over $600,000 in dogecoin, a competitor of the Bitcoin cryptocurrency, from Synology network access storage boxes. Flaws in the DiskStation Manager operating system that powered the network file-sharing technology allowed the hacker, believed to be of German descent, to gain administrative access to a large number of devices. In a folder called "PWNED", the hacker left various files designed to carry out the CPU-intensive mining required to get the cryptocurrency. The flaw was identified nearly a year ago, and Synology has released several patches since to re-secure its network boxes. It is only recently, however, that researchers have identified that the malware was mining dogecoins and managed to purge the infected systems.
DeviantArt Website Targeted By Malicious Advertisements
June 16, 2014 – The world's most popular online art community, deviantArt, has been found to host potentially malicious advertisements. The malicious advertisements are connected to newly registered domains and, when clicked, bring users to a site where they are asked to "update their media player" and Windows drivers before viewing the site's content. Once they consent, users download a potentially unwanted application that spreads spyware and slows down users' computers. DeviantArt ranks as the 148th most visited website.
Hackers Release Netflix Credentials
June 13, 2014 – The hacker group known as Derp has released hundreds of log-in credentials for Netflix, the popular streaming service. Despite the leak, security researchers are suggesting it may not be anything more than a joke. The nearly 2,000 passwords and usernames released have been identified as identical to ones leaked back in December, and random tests have shown that none of the credentials work. Some researchers are suggesting that Derp knowingly released the outdated log-in credentials for no reason other than to play on users' fears about hackers.
UPDATE: Romanian Hacker Guccifer Indicted In The US
June 13, 2014 – The Romanian hacker known as Guccifer has been indicted in a U.S. District Court for wire fraud, unauthorized accessing of a computer, cyber-stalking, obstruction of justice, and aggravated identity theft. The hacker has been sentenced to four years in prison in his native Romania for hacking various social media and e-mail accounts of celebrities and politicians in Romania, and his U.S. charges are for similar actions against American citizens. Though the indictment does not reveal who he attacked, it is known that the victims include family members of presidents, a Cabinet member, a member of the Joint Chiefs of Staff, and a former presidential adviser. Guccifer not only stole information, but he leaked some of it to the media on several occasions. He will be extradited to the United States after he serves his sentence in Romania.
UPDATE: TweetDeck Brought Down Accidentally
June 13, 2014 – Yesterday, TweetDeck - the second most popular Twitter management application - was brought down in an XSS (cross-site scripting) attack that exploited the ability to insert code into a Tweet. A 19-year-old Austrian has been identified as the 'cause' of the hack, though it was an accident. According to an interview, the teenager accidentally generated a heart image in his Tweet by typing "&hearts", which then allowed the Tweet to execute other code. He alerted Twitter to the vulnerability, but also Tweeted about his discovery. Soon, various hackers were abusing the &hearts bug and eventually brought down the service.
P.F. Chang's Caught Off Guard By Data Leak
June 13, 2014 – Information from an unknown number of credit and debit cards has been found for sale online, all belonging to customers of P.F. Chang's China Bistros. Customers who used their cards in various P.F. Chang's locations from March to May in several states have been exposed in the leak. The company does not know how hackers were able to steal the card information, though P.F. Chang's believes the attack came from recording the mag stripe at the cash register and not a breach of its servers. It is cooperating with law enforcement to discover the cause of the leak. It is believed the hackers are from Russia, since they are asking for payment before June 12th - 15th, which "are the government holidays." June 12th is Russia Day.
Twitter's 'TweetDeck' Targeted With Cross-Site Scripting Attack
June 12, 2014 – TweetDeck, a Twitter application that allows users more management control of their tweets and Twitter profiles, has been disrupted by an XSS (cross-site scripting) attack. TweetDeck allows users to manage multiple accounts, schedule tweets, and connect their Twitter accounts with other social media platforms, and has a 23% market share of all Twitter applications (second only to Twitter's own application). The attack caused malicious tweets to create pop-ups and warning messages on users' profiles, and caused several obscene or malicious tweets to be automatically re-tweeted over and over again. The attackers exploited the ability to post any 140-character string in a tweet, which allowed them to enter small bits of code that were eventually executed by the system. TweetDeck fixed the issue after shutting its services down for 30 minutes.
Anonymous Takes Down New York State Board of Elections Website To Protest World Cup
June 12, 2014 – The Anonymous hacktivist collective has taken responsibility for the defacement of the New York State Board of Elections website. In the attack, Anonymous left a video on the home page explaining why they are protesting the soccer World Cup, which begins this week in Brazil. It is unknown how the New York government website is related to the sporting competition. Yesterday Anonymous took down the website of the Military Police of Sao Paulo, also in protest, and released a list of potential targets, ranging from McDonald's to Budweiser.
Anonymous Denmark Leaks Details Of Socialist Party After Internet Monitoring Bill Passes
June 12, 2014 – The Danish parliament has approved a bill that allows the government to track users' Internet activity. Joining protests from human rights organizations, Anonymous Denmark has hacked several accounts belonging to the Danish Socialist political party and leaked the information online. The collective released names, e-mails, passwords, addresses and social security information of multiple parliamentarians who voted for the bill. Anonymous left a message for the public that read: "We are strongly encouraging whistleblowers and other hacktivists to reveal what our politicians will try to keep away from the general public."
Svpeng Trojan Evolves From Finance-Stealer To Mobile Ransomware
June 12, 2014 – The Svpeng Trojan, discovered a year ago by security researchers, was initially designed to target mobile banking accounts. Researchers are now reporting that the Trojan has been modified to lock the entire Android mobile phone and demand a ransom for its release. Unlike the first-ever ransomware to target Android devices, reported on last month, which can encrypt a select number of files to demand a ransom, Svpeng locks the entire phone and only allows the user to 'pay' or turn off their device. Researchers believe Svpeng started out as a banking Trojan that targeted Russians, but this newer version is largely targeting the United States. Importantly, the Trojan also checks which mobile banking apps are installed on the device and reports this to the hackers, suggesting the attackers are gathering an understanding of the mobile apps used in the United States as opposed to Russia in order to continue the original design of the Trojan - to steal financial information.
Evernote And Feedly Hit With DDOS Attack And Extortion
June 11, 2014 – Two popular apps - the news aggregator Feedly and the web clippings service Evernote - have come under heavy distributed denial-of-service attacks that prevented users from accessing application functions. In a blog post, Feedly said: "The attacker is trying to extort us for money to make it stop." It is unknown if the attacks are connected, but the two applications have a working and developmental relationship and can be used together. The two companies have assured users their data is safe and are doing everything possible to restore functionality.
Anonymous Takes Down Sao Paulo Police Website In Protest Of World Cup
June 11, 2014 – In its latest attack in protest of the World Cup to be held in Brazil, Anonymous has taken down the website of the Military Police of Sao Paulo with a successful distributed denial-of-service attack. Anonymous issued a press release following the attack, claiming responsibility and attacking the Brazilian President for not doing more for indigenous people. Last month Anonymous stated it was going to enhance its protest against lavish spending on the World Cup despite widespread perceptions of poverty and corruption in the country. The collective has also threatened sponsors of the World Cup.
Two Russian Hackers Possibly Responsible For 'Lost My iPhone' Hack On Australia
June 11, 2014 – Authorities have arrested two Russian hackers - aged 17 and 23 - who have reportedly confessed to hacking various Apple devices and holding them for ransom. It has strongly been suggested the arrest involves the hacking of iPhones and iPads largely in Australia and New Zealand. Russian authorities claim to have found various hacking equipment and literature belonging to the two people and believe they may be involved in several other cases outside of the 'Lost My iPhone' exploit. The hack left a message on the user's phone demanding a small payment to unlock the device, and blamed "Oleg Pliss" for the attack.
Energy Firm Employees Targeted Via Social Media
June 11, 2014 – Security researchers are warning that hackers are beginning to use social media networks to target employees of energy firms. They identified one particular campaign as an example. In an attempt to get individuals to install malware onto their computers, hackers created a fake persona who reached out to important individuals at a particular energy firm about applying for a job. After conversing, the fake profile would send a resume and several other files to the individual, one of which was infected with malware. The attackers targeted users' personal e-mails instead of their professional ones, as these generally have weaker security standards. In addition, social network sites are more likely to be linked to personal accounts than to work e-mails.
New Cyber-Espionage Group Identified
June 10, 2014 – Security experts have identified a new cyber-espionage group called Putter Panda. It is believed that this group is backed by China's People's Liberation Army. Targeted attacks against US defense and European satellite and aerospace industries have been linked to the group. One of the group's members has been identified as 35-year-old Chen Ping, who is the registrant for several domains used by Putter Panda. Most of the group's attacks are exploits of vulnerabilities in popular applications such as Adobe Reader and Microsoft Office.
New Banking Trojan Discovered, Alternative To Zeus
June 10, 2014 – Researchers have discovered a new banking Trojan that is seen as an alternative to the Zeus Trojan. This new Trojan is called Pandemiya and is similar to Zeus in that it enables hackers to steal form data, login information and files from infected devices. Pandemiya is able to inject fake elements into websites, capture screenshots of victims' computer screens and encrypt its communications with the control panel. What makes this Trojan unique is that it was written without sharing any source code with Zeus. Pandemiya is available for purchase in underground forums, priced from $1,500 for the core application to $2,000 for the core application and additional plugins.
Canadian 9th-Graders Hack ATM
June 10, 2014 – Two 9th-graders from Canada were able to hack into an ATM at the Bank of Montreal after discovering an old manual to the machine online. The manual provided detailed instructions on how to access administrative privileges and provided the default password to the machine - which was never changed. The children alerted the bank to the flaw and, when faced with disbelief, hacked into the computer once again, began printing administrative details and changed the message of the ATM. The bank has accepted their proof and has assured customers it is fixing the issue.
Researchers Warn Smart TVs Are Vulnerable To Broadcast Hack
June 10, 2014 – Smart TVs have been made vulnerable to hacks by the introduction of a new feature - HbbTV. Hybrid Broadcast Broadband Television is an increasingly used feature on Smart TVs that enables the television to render embedded HTML. With little to no security features, a user who tunes in to a compromised broadcast displaying HTML could find themselves infected with malware that will begin to compromise the TV, steal data, attempt to disrupt local systems such as a printer or router, or turn the Smart TV into a botnet to carry out distributed denial-of-service attacks elsewhere. Importantly, researchers believe that - though extremely dangerous - attacks are unlikely for some time, as they require an infected signal to be broadcast out in the same way as broadcast television.
Anonymous Launches #OpHackingCup And Targets Brazil & Sponsors
June 9, 2014 – Members of the hacking collective Anonymous have announced their intention to target the commercial sponsors of the World Cup, this year to be held in Brazil, in protest of what some see as excessive spending during a time of austerity. Acting as a spokesperson for the movement, Anonymous hacker Che Commodore has announced that vulnerable sites have already been identified. The hacker said, "We have a plan of attack." As the date of the cup approaches, Anonymous has carried out small attacks against government e-mails or business websites, but it continues to be suggested that the campaign, known as #OpHackingCup, will not start until the cup's first day.
Romanian Hacker Guccifer Sentenced For Hacking Into Government E-mails
June 9, 2014 – A Romanian hacker best known for breaching the e-mails and social network accounts of several government officials and popular entertainers has pleaded guilty and been sentenced to a total of 4 years in jail. Marcel Lazar, also known as the hacker Guccifer, was sentenced for repeatedly hacking the e-mail of Romanian politician Corina Cretu, as well as that of the head of the Romanian Intelligence Service, George Maior. The hacker has also targeted members of the American Bush family, Colin Powell, US military personnel, British politicians, and members of the Council on Foreign Relations. Guccifer was apprehended via a partnership between American and Romanian law enforcement. Though the hacker pleaded guilty, he argued for leniency, saying that hacking e-mail was not as serious a threat as the government suggested since, he said, almost everyone has their e-mail hacked at one point.
Saudi Arabian Hacker Targets American Electronic Road Signs
June 9, 2014 – Security experts have identified a Saudi Arabian hacker believed to be responsible for a string of hacks against electronic road signs in late May and early June. Replacing the instructions or warnings on the signs with silly messages, the hacker's attack was relatively harmless but cost officials time and money to fix. In some cases the hacker changed passwords or infected systems with malicious code, forcing factory resets of the signs. Though the identity of the hacker was not released, authorities did state that the hacker is not believed to be affiliated with any group and has a track record of defacing devices attached to the internet and then explaining to other hackers how to do so. Security experts say this is a good example of why security standards need to be strengthened as more devices are connected to the internet.
New Hampshire Police Department Infected With Ransomware
June 9, 2014 – The police department in Durham, New Hampshire reports that several of its systems were infected by the Cryptolocker ransomware. The malware was introduced into the police department's system through e-mail phishing, where the code was hidden in what appeared to be a legitimate file. The infected machines were immediately isolated and the police department began disinfection routines and restoring data through backups. The Town Manager stated that no ransom would be paid to free the files, and that little data was lost because of the department's backup system. Cryptolocker is a powerful ransomware software that is nearly impossible for most users to decrypt, making it very difficult to restore one's files without paying the fee or using a backup system.
Heartbleed Investigation Leads To Discovery Of New Vulnerability
June 6, 2014 – Since the discovery of Heartbleed earlier this year, security researchers have been taking a harder look at OpenSSL, an encryption standard for the web. The latest vulnerability discovered threatens to allow hackers to intercept active communications, change data, or create sophisticated social-engineering attacks to gain even more sensitive data. When on the same network as a user - such as a public WiFi spot - the new vulnerability can allow a hacker to force unsecure encryption keys when the user connects to a server, thus giving the attacker the knowledge to access, eavesdrop on, and even change ongoing communications. All PC and mobile software using OpenSSL that has not been updated to the latest version is vulnerable. The vulnerability has been a part of the software for 16 years.
US Military Hack Leaves South Korean Employees Exposed
June 6, 2014 – General Curtis M. Scaparrotti, commander of US Forces in South Korea, issued an apology for the “possible theft” of private details belonging to South Korean employees. Two databases were hacked, exposing almost 16,000 current and former workers, almost all Korean nationals, and people who have applied for jobs with the US military. The details contained in the databases include names, contact information and work history. No classified military data was compromised in this hack. The incident is currently being investigated.
Apple, Google And Amazon Purge Fake Virus/Malware Detection Apps
June 6, 2014 – Over the last year several security researchers have issued warnings on fake Anti-Virus or Malware Detection applications popping up in the application stores of Apple, Google and Amazon. Either acting as a new company or pretending to be an established brand, the applications trick users into installing them and thus install malware, steal information or at least just charge a fee while providing zero protection. In a recent move, Google and Amazon have purged their respective stores of any application that independent security researchers have pointed to as fake, and Apple has taken similar steps when users or media report on the issue.
IPMI, Important In Maintaining The Cloud, Revealed To Be Extremely Vulnerable
June 6, 2014 – A new report shows that IPMI - Intelligent Platform Management Interfaces - leave servers extremely vulnerable to intrusions and attacks. Independent computers that assist larger servers in managing out-of-band communications, IPMI enables remote control by administrators and allows access to memory, networking and storage. As detailed in the report, the vast majority of servers utilizing IPMI are extremely vulnerable to attack because of lax security practices and weak software. Roughly half of all IPMI do not require authentication for administrators to log in, and many contain weak encryption standards that allow hackers to easily steal passwords or force their way in regardless of security standards. The security team announced that not only could attackers steal information or cripple entire networks if they disabled the server, but that it was nearly impossible to upgrade the IPMI software and security standards to the point of making them more secure.
Android Sees First Encrypting Ransomware
June 5, 2014 – Security researchers are warning Android users of the first-ever ransomware that actually encrypts the files of an Android device. Ransomware is an increasingly popular form of malicious software that locks a victim's computer and demands payment in order for a user to regain access. On computers, ransomware will also begin to encrypt a user's files so that even if the victim manages to remove the malicious software, they will not have access to their files - thus increasing the chance the victim will pay. Until now, no ransomware for Android smart phones was sophisticated enough to encrypt user files. The new software provides victims a warning - in Russian - that they have accessed child pornography and that payment is required for their phone to be unlocked, all while it begins encrypting random files on the phone. Experts warn paying the ransom only encourages more ransomware.
United Kingdom Wants To Hand Out Life Sentences For Serious Cyber Attacks
June 5, 2014 – The British government announced it wants to hand out life sentences to anyone found guilty of 'serious cyber attacks', especially those that result in loss of life, illness or injury, or pose a serious threat to national security. Sentencing also becomes harsher if the attack damages the economy or the environment of the United Kingdom. The government believes the punishment laws around hacks - many established in the 90s - are outdated and do nothing to stop the growing issue of cyber-espionage on businesses. Opponents argue that many of the attacks suggested are unrealistic and have only happened in movies or books, and that tougher laws make the internet unsafe by forcing researchers to avoid certain areas of research. Some experts believe that under these new laws, any UK researcher who was working on understanding the Heartbleed bug would need to be arrested and that the law punishes altruistic and criminal hackers equally.
Security Company ESET Defaced By Indonesian Hacker
June 5, 2014 – The website of the IT Security company ESET and several of its domains designated for Spain have been defaced by the Indonesian hacker Hmei7. The defacer left the same message on every page: "hello ESET your security service, need more security cheer from me, indonesian [sic] people". ESET has had its Spanish domains hacked and defaced before, most recently last year by a Panamanian hacker. Hmei7 is known in security circles as a 'serial defacer' who targets a wide array of websites.
US Hacker Charged With Breaking Into Law Enforcement and Academic Servers
June 5, 2014 – A 25-year-old hacker, Cameron Lacroix, of Massachusetts has been charged with hacking into computer networks across the United States, including those of law enforcement agencies and a local college. The hacker's motive was stated as acquiring sensitive law enforcement data, altering academic records, and stealing credit card information. Lacroix pleaded guilty and will serve four years in prison. The hacker obtained over 14,000 pieces of payment card information, as well as identification information and social security numbers. He also obtained information such as search warrants and intelligence reports, as well as access to the Chief of Police's e-mail account for a local station. He also changed his grades at the local Bristol Community College.
Linux Vulnerable To Attack Due To Bug In GnuTLS Cryptographic Library
June 4, 2014 – A major bug has been discovered in the GnuTLS cryptographic library used by Linux, leaving the operating system vulnerable to remote code execution. The library is key in implementing secure communications with the Internet and other machines. In an advisory, the bug was explained as: "A malicious server could use this flaw to send an excessively long session ID value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code." Though the bug is critical, the released patch designed to fix the problem shows that it stemmed from one line of incorrectly worded code.
Google Faces Attacks In China On Eve Of Tiananmen Square Anniversary
June 4, 2014 – The vast majority of Google services, from Gmail to image search, as well as the normal search engine, have been blocked in China on the eve of the Tiananmen Square anniversary. In an attempt to dissuade commemoration of the brutal crackdown on pro-democracy protesters in 1989, China has arrested or detained a number of individuals and intensified its Internet screening policies. Though Google is generally freely available in Hong Kong, security experts are saying that almost all traffic to Google products, including in semi-independent Hong Kong, is being disrupted. One expert claimed, "This is by far the biggest attack on Google that has ever taken place in China," and it is unknown if the blocks will be lifted after the anniversary.
YouTube Restored In Turkey, Court Orders Government To Stop Censorship
June 4, 2014 – Turkey's Supreme Court has ruled a government ban on YouTube to be unconstitutional, citing freedom of expression protections. Stating, "everyone has the right to express and disseminate his/her thoughts and opinions by speech, in writing or in pictures or through other media," the court's ruling suggests that recent government actions in Turkey to punish Twitter, Facebook, and YouTube for hosting content that some see as hostile to the current government may be coming to an end. YouTube was largely blocked in Turkey in late March after a leaked audio recording of Turkish officials discussing security in Syria appeared on the site. Importantly, the Turkish government has already ignored court orders to lift the ban. Though YouTube is now accessible - after the elections have ended - the Turkish executive branch has reserved the right to block access in the future. The Turkish hacker group RedHack has targeted government institutions in recent months to protest the censorship movements.
Ransomware 'Poshcoder' Hides, Is Caught, In Windows PowerShell
June 4, 2014 – Security researchers have discovered new ransomware software that attempts to exploit the Windows PowerShell. Like all ransomware, Poshcoder begins encrypting all files on the hard drive of an infected machine and then demands payment for the unlock code. This newly discovered malware attempts to use Windows PowerShell, an administration framework that allows full access to systems so that administrators can perform tasks on local and remote systems, because experts believe hackers thought it would make it harder to detect or analyze the malware. However, researchers have shown that their use of PowerShell made it much easier for the malware to be identified, which will then speed up the development of detection and deletion practices with popular security software. Unlike CryptoLocker, which targeted users around the world, Poshcoder seems concentrated on English speakers in the United States.
US Leads International Team In Disrupting Damaging Malware Campaigns
June 3, 2014 – The U.S. Department of Justice announced that the FBI and other authorities have carried out an international effort to disrupt the "Gameover Zeus" botnet and "Cryptolocker" ransomware campaigns. "Gameover Zeus" is one of the most successful botnet campaigns in history, having stolen more than $100 million and infected nearly one million machines. Along with arresting the criminal believed to be the administrator of the botnet, US authorities have gained control of the botnet and are redirecting the malicious traffic to government servers in an attempt to identify victims and to assist them in removing the malware. Similarly, the US has disrupted the "Cryptolocker" ransomware that encrypts victims' hard drives and only frees the information for a fee. Over 200,000 computers were infected, and some estimate that $27 million had been paid in ransoms. US and international authorities have seized the servers at the heart of the malware.
Anonymous Ukraine Leaks American Express Credit Card Information
June 3, 2014 – American Express has announced that over 76,000 customers had their credit card and personal information posted online by users claiming membership with Anonymous Ukraine. After being informed by law enforcement that information was suddenly appearing online, American Express confirmed to the public that its files have indeed been breached, though it is unknown if the credit card company was aware of the attack before the information was posted by Anonymous. Though over 76,000 credit cards were contained in the leaked files, the company only contacted the 58,522 customers who had their names published along with the card information. It is unknown why Anonymous Ukraine - a splinter group of the larger Anonymous that formed during the recent crisis in the Eastern European country - had access to the files or potentially carried out the hack.
Monsanto Subsidiary Hacked, 1,300 Impacted
June 3, 2014 – The biotechnology and agricultural giant Monsanto has announced that one of its subsidiaries - Precision Planting - has suffered a security breach that exposed the login credentials and personal information of 1,300 customers and employees. Information potentially accessed includes addresses, driver's license numbers, social security information and tax IDs. Monsanto has been a target of Anonymous in the past, with the hacktivist collective claiming to have obtained thousands of e-mails containing sensitive information thanks to a hack last week. However, neither Precision Planting nor Monsanto has named Anonymous in the attack, and in a press release stated, "The unauthorized access was not an attempt to steal customer information," suggesting the user files were not the target of the attack. Anonymous has also not taken responsibility for this attack.
Middle Eastern Hackers Target European & American Sites
June 3, 2014 – New security reports have named a series of attacks against Western governments and international businesses 'Operation Molerats', due in part to their shared origin in the Middle East and to their similar exploitations and attack patterns. Victims of the attacks include Israeli, Slovenian and American government bodies and the BBC. Molerat campaigns typically utilize freely available malware, and because of the repeated use of a fake Microsoft security certificate, the mixed use of English and Arabic-language content, and the apparent goal of infecting computers with the Xtreme RAT malware, researchers have come to believe that many recent attacks are actually part of a targeted campaign by the same hacker group. It is unknown what the hackers' goals are or if the attack is state sponsored.
15 Million Websites Put At Risk Through Popular WordPress Plugin
June 2, 2014 – Researchers have discovered that an extremely popular plugin for WordPress - 'All In One SEO Pack' - has exposed millions of sites to the risk of hacks and exploitations. The software, used to enhance search engine results of someone's website or blog, has been discovered to contain various critical flaws, and the developers released an emergency patch addressing them over the weekend. Over 15 million websites are currently using the plugin. The major vulnerabilities with the plugin revolve around the ability for any user - including guests and subscribers - to modify site code. This ability ranged from modifying site meta data and search results to injecting code into the site itself that could change the site's admin password or create a backdoor admin account. The plugin was also reportedly key to the massive DDoS attacks in recent months that utilized thousands of infected WordPress accounts.
Turkish Hacker Group 'RedHack' Moves Against Nuclear Power Summit
June 2, 2014 – The Turkish hacker collective, RedHack, which in recent memory has targeted the Turkish government over censorship and their response to the mining accident that made world headlines, has taken credit for defacing the website of the Ankara Chamber of Industry. The hackers reportedly targeted the group to protest against a Nuclear Power Summit that took place over the weekend. They defaced the site with a picture of a mushroom cloud and information about nuclear disasters, with the (translated) headline of: "Nuclear Power Summit supporters will Fall ASO hacked Redhack Taksm Free Text Will Travel". RedHack's attacks against the Turkish government and similar organizations have all been at least outwardly politically motivated - including another hack over the weekend of the website of the Governor's Office in Tunceli, Turkey to protest sexual abuse cover ups.
Adobe Flash Player Vulnerability Big In Japan
June 2, 2014 – Security researchers have discovered that 94% of hacks exploiting a vulnerability in the popular Adobe Flash Player were targeting Japanese users. The attacks use a bug in Adobe Flash Player that allows it to download files on its own with little input - if any - from the user. If a user visited an infected site, or was redirected to an infected site by an exploit in the player itself, malicious code would then execute through the Flash Player. Many legitimate websites in Japan - from travel agencies to blog services - were compromised by hackers and loaded with the malicious code, and researchers believe over 8000 attacks occurred last Monday and Tuesday alone. Adobe claims to have patched the issue.
Linkin Park Facebook Page's Hack Exposes 62 Million Users To Spam
June 2, 2014 – The official fan page for the band Linkin Park, with over 62 million followers, has been hacked. The attackers have filled the feed with lewd images, spam and links to random - and occasionally malicious - sites. It is unknown who is behind the hack or how long it will take the Linkin Park team or Facebook administrators to restore the site.
Food Giant Monsanto Hacked By Anonymous
May 30, 2014 – In another move against the bio-technology giant Monsanto, the hacktivist group Anonymous has claimed responsibility for bringing down the company's website. This is a follow up to an announcement last week that Anonymous, under its Operation Green Rights, obtained over 18,000 e-mails and passwords belonging to Monsanto and other companies. Stating, "We are prepared to retaliate against the industry giants responsible for polluting and contaminating natural resources," the group targeted Monsanto, Syngenta, Dupont, and other major bio-technology companies. Operation Green Rights claims to oppose corruption and lobbying in the agricultural industry and supports defending small farmers and raising public awareness on genetically modified food. Monsanto's website has been restored, and Anonymous has yet to release the data it claims to possess. Anonymous has been targeting Monsanto since 2012.
Heartbleed Bug Can Steal Android Data When Connecting To Wi-Fi
May 30, 2014 – A new report warns that the Heartbleed bug that shocked the internet two months ago can still be used to exploit Wi-Fi vulnerabilities. Nicknamed Cupid because it exploits Wi-Fi instead of the open web like Heartbleed, the vulnerability allows attackers to pull information from routers or have routers infected with malicious code steal data from Android devices when they connect. Not all routers are infected, and only Android devices still running version 4.1.1 of the Jelly Bean operating system - estimated at over one million - are vulnerable. Researchers believe damage from this exploit will be much more limited compared to Heartbleed, but that hackers targeting popular Wi-Fi hotspots could still steal passwords, security keys, credentials and other information. Importantly, all a victim has to do is connect to an infected Wi-Fi spot to have information stolen.
Arizona's Department of Homeland Security Website Defaced
May 30, 2014 – The websites of the US Department of Homeland Security in Arizona and the Arizona Commission on Indian Affairs have been defaced. The Turkish attacker, known as Swan, left a message that read: “Hacked By Swain ( Stop Violence in Middle East !..).” In the attack against the Homeland Security site, Swan was able to break into an administration page of the entire server, thus defacing every single page connected to the website. Swan is known for defacing various websites - from government to personal - and defacing the pages with simple messages urging the ending of violence around the world and especially in the Middle East. The websites were restored soon afterwards.
OpenSSL To Undergo Security Audit
May 30, 2014 – OpenSSL, the open source cryptographic software at the heart of the Heartbleed bug exposed two months ago, is about to undergo an intensive security audit. Funded by the Linux Foundation, a project called the Core Infrastructure Initiative will be founded with two full-time developers whose sole purpose will be to increase the security of the critical infrastructure OpenSSL and other major open source programs. Beyond exposing millions of users to hackers, Heartbleed has exposed just how poorly funded open source projects can be, and has forced major tech giants to come together to fund better security. The Initiative's mission is to "move from the reactive, crisis-driven response to a measured, proactive way to identify and fund those projects that are in need."
China Accuses US Of Cyberspying, Removes IBM Servers From Banks
May 29, 2014 – The China Academy of Cyber Space has issued a report titled, “America's Global Surveillance Record”, in which they accuse the US of “unscrupulous” surveillance. As a response to this report, China has announced a decision to remove all US-made IBM servers from their national banking system. An excerpt from the report states, “America's spying operations have gone far beyond the legal rationale of 'anti-terrorism' and have exposed the ugly face of its pursuit of self-interest in complete disregard for moral integrity.” The removal of IBM servers in favor of Chinese-made products is the latest move designed to eliminate the dependence on US information and technology companies.
Report Claims Half Of US Internet Population Hacked In 2014
May 29, 2014 – Security researchers are warning that nearly half of all American adults browsing the internet experienced some form of hack in 2014. Over 11 million Americans were hacked directly thus far, and over 432 million accounts - from Facebook to eBay - have been breached. The increasing risk of personal or financial information being stolen or misused comes from a combination of stronger, more sophisticated attacks by hackers and the continued use of outdated software such as the Windows XP operating system. In an attempt to target larger institutions, criminals are pulling together resources to create fewer but more personalized attacks which have a greater chance of exposing more information. As well, the cost in time and money to continually upgrade software and security tools leaves both corporations and individuals vulnerable, according to the report.
Decade Old Encryption Program TrueCrypt Mysteriously Shuts Down
May 29, 2014 – One of the world's most used encryption programs, TrueCrypt, has shut down and warns users that "using TrueCrypt is not secure as it may contain unfixed security issues." The popular service adds encrypted protection for files hosted online or entire hard drives, and an audit last year by cryptography and security professionals showed the service was still a strong and secure means of gaining privacy and that there were no known backdoors exploited by the NSA, an issue of big concern following revelations that other encryption programs had been cracked by the U.S. government. Both the shutdown and the warning that TrueCrypt is not as secure as people thought have alarmed many, especially given their suddenness.
Iranian Hackers Use Facebook To Scam Military And Governments
May 29, 2014 – An Iranian cyber-espionage campaign has been brought to an end after three years by the deletion of several fake Facebook profiles. Iranian hackers created a fake news service, NewsOnAir.org, which reposted articles from the BBC, Reuters, and AP that they then used to trick US, British, Israeli and other officials into downloading malicious software. By creating fake Facebook profiles for the journalists and defense consultants for the site, the Iranians linked to the friends, family and colleagues of key professionals, and ultimately used those connections to gain access to their ultimate targets, including a 4-star U.S. general. Once trust was established, the hackers would switch from sending normal news links to malicious ones - ultimately targeting hundreds of officials. The Facebook profiles have been deleted following the campaign's exposure.
Spotify Hacked, Urges Android Users To Upgrade
May 28, 2014 – The popular music streaming product Spotify is urging users to upgrade their Android application following a security breach that exposed user information of one individual to a hacker. Spotify reported that one intruder was able to access some data, but was unable to obtain the password or any financial information. Despite the extremely small scale of the breach compared to hacks of major companies like eBay or major breaches such as the Target credit card issue this last holiday, the company states it is taking no risks with its users' data, going far enough to require an upgrade that will force users to spend time redownloading playlists and other files. Spotify has not released information on whether the hacker was targeting the one individual or Spotify in general.
Apple Blames Users, Defends iCloud For Global Ransomware Attack
May 28, 2014 – In an update to a story reported yesterday, the incident of iPhones and iPads being locked with the message "Hacked by Oleg Pliss" in Australia and New Zealand has now spread to the United States and other countries. The hack exploits a flaw in the 'lost my phone' feature of the latest generations of Apple products where the attacker is able to impersonate a secure Apple server. In response to the incident, Apple stated that the iCloud service (which is responsible for 'lost my phone') is working properly and has not been breached. Instead, Apple argued that users must have given away their passwords in a phishing scam or exposed their passwords and usernames for another internet service which also happened to be their Apple ID. Some users have discussed on the Apple support forum that they were recently victims of such a phishing scam.
Southern Hemisphere's Fastest Super Computer Hacked
May 28, 2014 – A super computer in New Zealand, named FitzRoy, has been attacked by a hacker believed to be from China. The computer, which has the power of over 7000 laptops working simultaneously, is designed to study global weather patterns and climate change and is the fastest computer of its kind in the Southern Hemisphere. Researchers are unsure what the hacker was trying to do, with experts split between the ideas that the hacker was hoping FitzRoy was connected to other government servers or that the hacker hoped to turn it into a super 'botnet' computer. The second option could be exploited to solve cryptographic problems - including spy codes. Regardless, New Zealand's researchers were able to detect the breach quickly and disconnected FitzRoy from the network and switched to backup systems based in another city to repair any damage. They report the problem has been fixed.
Website Of Taj Mahal And Agra Fort Targeted By Pakistani Hackers
May 28, 2014 – The Pakistan Haxors Crew have made the websites of the Taj Mahal and Agra Fort their next targets in a recent spree of attacks against Indian websites. The defacement campaigns replaced information with the Pakistani flag and included the same message used in all their attacks: "Pakistan Haxors Crew is here to remind you of your Security.. Our fight is not against any individual but the system as whole".
Government Asks For Leniency In Sabu Sentencing
May 27, 2014 – Hector Xavier Monsegur, the former hacker known as Sabu, was arrested in 2011 and faced two decades in prison for various cyberattacks against major corporations. As leader of LulzSec, a splinter group of the hacktivist collective Anonymous, Monsegur led attacks against Nintendo, PayPal, and Fox, among others. However, by cooperating with the FBI, Monsegur has been responsible for stopping over 300 hacks and preventing millions of dollars in damages. After his arrest, Monsegur assisted the FBI in tracking LulzSec, Anonymous, and other hackers, began providing evidence against his former teammates, and assisted in capturing Jeremy Hammond - the former FBI's Most Wanted cybercriminal. Due to his cooperation, the federal prosecutors asked a judge to reduce Monsegur's time in prison to no more than two years.
Apple Users In Australia and New Zealand Hit With Ransomware Attack
May 27, 2014 – Many Australians and New Zealanders discovered Tuesday morning that their iPhones and iPads had been locked and hacked. The devices showed the message, "Device Hacked by Oleg Pliss..." and then demanded money for it to be unlocked. It is unknown how many people have been affected. The attack is believed to exploit the 'Lost my phone' feature present in new Apple devices that was discussed on an earlier Watch Desk bulletin. Apple has yet to make an official comment, though several users have posted makeshift solutions online.
AutoNation Suffers Hack, Exposes Credit Card Data To Attackers
May 27, 2014 – AutoNation, Inc, one of the largest car retailers in the United States, has alerted customers that hackers may have obtained their personal information - including financial details. TradeMotion, a third party affiliate of AutoNation, recently experienced a cyberattack that left parts of AutoNation's own website vulnerable, exposing customers' personal information and credit card numbers to hackers. It is unknown how many users are impacted, but they are warning any customer who used AutoNation from March 5 to May 2, 2014 to monitor their financial activity.
Avast Anti Virus Forum Hacked, 400,000 User Credentials Compromised
May 27, 2014 – The forum of antivirus firm Avast has confirmed it has been hacked, and that login IDs and passwords of more than 400,000 users were compromised. Though the forum boasts 200 million registered users, it believes most users are safe. No financial data was stolen; however, users have been urged to change their passwords in case their Avast credentials are the same for other popular sites. The forum has been shut down and is in the process of being rebuilt; Avast blames the third-party hosting platform as the reason for the vulnerability.
Hacker Claims To Have eBay Database
May 23, 2014 – An unnamed hacker is claiming to have a copy of eBay's customer database following the company's recent security breach. The hacker said the database, which contains up to 145 million contacts, is available for sale starting at 1.45 Bitcoin. A preview of 3,000 rows from the database was released as proof that the hacker had the information. The released information includes names, addresses, phone numbers and dates of birth. An eBay spokesperson has said that the information released does not belong to eBay users, stating, “The published lists we have checked so far are not authentic eBay accounts.”
Syrian Revolution Soldiers Hack Website Of Jordan's King
May 23, 2014 – The Syrian hacking group known as the Syrian Revolution Soldiers (SRS) have claimed responsibility for a recent hack and defacement of the website for King Abdullah of Jordan. The group also defaced several other government websites, replacing all of their content with messages criticizing Jordan's care for refugees fleeing the Syrian civil war.
Twitter And Turkey Come To Censorship Agreement
May 23, 2014 – Following Turkey's recent crackdown on social media - including temporarily blocking access to Twitter - it appears a new censorship agreement will allow Turkish citizens to continue to tweet. Turkey announced that Twitter has accepted terms to be more accommodating to government requests to remove offending content from its website, and has agreed to open a live customer support service specifically for Turkey. Critics warn that the government will use this new power to censor any criticism of the ruling party, and not to stop acts of slander or libel. Twitter has only been restored in Turkey since April, when the Turkish Constitutional Court ruled the ban breached freedom of expression laws.
Bitcoin Proponent Roger Ver Puts Bounty On Hacker
May 23, 2014 – Roger Ver, a Bitcoin investor and entrepreneur with a strong reputation in the Bitcoin community, recently discovered that an old e-mail and Facebook account were hacked. Concerned that more accounts were under threat, Mr. Ver placed a 37.6 Bitcoin bounty, roughly $20,000 USD, on the hacker, offering the money to anyone who provided enough information for an arrest. Ver managed to get the hacker's Skype ID, and once he warned of the bounty, was able to get the hacker to return the accounts and to give up the assault on Ver's accounts.
Hackers Release Apple Unlock To Public
May 22, 2014 – Two hackers from the Netherlands and Morocco have identified a means of unlocking iPhones and iPads which have been locked because their owners reported them as stolen. The unlock hack will allow thieves to more easily resell the devices on the black market or access personal information stored within. The vulnerability allows hackers to trick a device into believing the attacker's computer is a legitimate Apple server that is transmitting an unlock signal. The duo went to Apple with the information, but when they were turned away, they decided to release the information to the public. The hackers themselves have unlocked over 30,000 iPhones.
HP's Zero Day Initiative Warns Of Microsoft's Failure To Address New Vulnerability
May 22, 2014 – Security researchers have discovered a new zero day vulnerability in Internet Explorer 8 that allows hackers to run almost any code on infected machines thanks to the installation of malware through e-mail or drive-by downloads through infected sites or advertisements. Microsoft was alerted back in October to the vulnerability, but because they have yet to patch it, HP's Zero Day Initiative has announced the details to the public along with possible fixes.
Indonesian Hackers Deface Pioneer Electronic's Site
May 22, 2014 – Members of the Indonesian hacking group, Gantengers Crew, have breached and defaced the United Arab Emirates site for Pioneer Electronic Corporation. The defacement message left reads, “Gantengers Crew/SultanHaikal hacked you!” There was no explanation as to why the site was targeted. At the time of this writing the site was still displaying the defacement message. The Gantengers Crew previously hacked sites belonging to Yemen's Ministry of Human Rights and Earth Hour Philippines.
Two Australian Anonymous Members Arrested
May 22, 2014 – The Australian Federal Police (AFP) have arrested two men accused of defacing websites and conducting denial-of-service attacks against Australian and Indonesian government sites. A 40-year-old man known as “Lorax” has been charged with “the unauthorized modification of Melbourne IT Limited computer network located in Brisbane, Queensland to cause impairment,” and “unauthorized modification of Indonesian government web servers to cause impairment.” The man faces up to 10 years in prison if found guilty. The other man, an 18-year-old from New South Wales, is charged with “unauthorized modification of data to Netspeed ISP located in Canberra, ACT, to cause impairment,” and “unauthorized access to and modification of restricted data belonging to the ACT Long Service Leave Board.” He would face up to 2 years in prison if found guilty.
American Military Websites Targeted By Anonymous
May 21, 2014 – Members of the hacking collective Anonymous are claiming to have taken down several US military websites belonging to the Marines, Army, Navy, and other groups. The impacted sites include the public websites of all branches of the military. Part of a campaign called Operation Payback, Anonymous claims to be targeting US websites because of the arrest of thirteen hackers connected to Anonymous in 2010 and 2011. All websites were restored extremely quickly, though there are screenshots that appear to show the sites being unavailable around the time of the hackers' announcement.
ICS-CERT Warns Of Weak Cybersecurity For Public Utilities
May 21, 2014 – The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which monitors issues of cybersecurity in several industries, has released a report on the state of security for public utilities. The report warns that utilities are prime targets and that many have weak security practices or outdated software that leaves them extremely vulnerable. ICS-CERT also warned that some utilities lacked even basic firewalls, exposed control systems to the Internet, and were often vulnerable to simple - though not necessarily quick - hacks as opposed to the sophisticated breaches that are needed to target major corporations.
Argentinean Hacker Team Targets Websites Of Ukrainian Government
May 21, 2014 – The Argentinean hacking group known as Libero has breached and defaced several government websites in Ukraine under the #OpUkraine hashtag created by the Anonymous hacktivist collective. Fourteen websites were defaced, most with messages of "We are Anonymous" or "Hacked by Libero". One website was hacked to stream a video released by Anonymous Ukraine, which discusses corruption within Ukraine and denounces violence by the Russian government against the people of Ukraine. Not all websites have been fully restored.
Chinese Government Websites Hacked By Anonymous Philippines
May 21, 2014 – Over two hundred websites belonging to the Chinese government have been hacked and defaced by Anonymous Philippines. The hacks are in response to an ongoing maritime dispute between the Philippines and China. The defaced websites displayed the message: "China's alleged claim on maritime territories and oppressive poaching can no longer be tolerated. Stand against Oppression! It's time to fight back! Say NO to China's Bullying!" Several of the sites are still offline.
Tunisian Hackers Team Announces 'Week Of Horror' Campaign Against The United States
May 20, 2014 – The hacker collective known as the Tunisian Hackers Team has threatened the U.S. financial sector with a campaign set to begin on July 5, 2014 titled the 'Week of Horror'. The Tunisian group released a list of banks they threaten to hit with distributed denial-of-service attacks. The calendar lists a different bank for each day and schedules the attack for 8 hours. The Tunisian Hackers Team is demanding that the United States remove all troops from Islamic countries and that the United States government respond to the hackers' threat.
Europe's Internet Suffers Issues Due To Update Problems
May 20, 2014 – Last night, Internet users across Europe experienced delays when attempting to connect to US-based websites. At first reports were circulated that the delays were caused by a cut transatlantic cable, but these reports were incorrect. Swedish-Finnish telco TeliaSonera issued a statement saying that their International Carrier arm caused the issues due to “a planned update that went wrong.” Popular websites including Reddit, Facebook and Twitter were affected by the incident. A Telia spokesperson said, “There was an incident caused by human error on what should have been a non-customer affecting planned work. Customers found it hard to reach servers in USA and Asia. The issue was quickly detected and resolved and we're now working to prevent similar incidents to happen again.”
Silverlight Exploits Target Netflix, Other Streaming Customers
May 20, 2014 – The Microsoft Silverlight platform is best known as the browser plug-in that enables streaming of video on Netflix - one of the world's most popular websites. A new report from security researchers shows that criminals have infected AppNexus - the second most popular online ad network - with malicious advertisements that redirect users to infected sites that download the 'Angler Exploit Kit', a tool designed to make use of Silverlight vulnerabilities. Once installed, the malicious software exploits flaws in Silverlight that allow it to modify ports and system files, potentially leaving the infected computer open to attack or data theft. Researchers believe that because security companies have been focused on fighting malware that targets the more popular Flash and Java, criminals are hoping to exploit Silverlight while they can.
Popular Open Source Instant Messaging Service Goes Mandatory Encryption
May 20, 2014 – XMPP, also known as 'Extensible Messaging and Presence Protocol', is a popular open source instant messaging application that supports or enhances several popular services. Used either directly or optionally in Google Voice, Facebook Messenger, AOL Instant Messenger, and various third party applications and Voice-over-IP programs, XMPP's decision to require mandatory encryption is an acknowledgement of the desire by consumers for increased privacy and protection. Though XMPP's open-source foundation and developers cannot force clients to adopt encryption, those who do not will face technical and quality issues. XMPP hopes that mandating encryption - and a continued effort to strengthen its own built-in security - will strengthen security and privacy around the world due to its popularity with major programs.
Hundreds Of Yahoo Pages Impacted By XSS Vulnerability
May 19, 2014 – A security researcher has discovered a cross-site scripting (XSS) issue within Yahoo pages that targeted the comment sections. The issue allows attackers to inject infected code into any user's machine that visits the page. Through storing a specific script code within a comment, the flaw in the comment section of the Yahoo pages would execute the XSS and thus allow the hacker to access the user's cookies or browsing sessions. The most popular areas of Yahoo were targeted, including Yahoo! Tech, Finance and Sports. Yahoo has now fixed the issue, though potentially thousands were exposed.
UPDATE: 81 People Arrested In BlackShades RAT Raids
May 19, 2014 – In an update to a story from last week, officials have announced that 81 people were arrested and 300 houses raided by various state law enforcement agencies targeting people who sold, purchased, or used the BlackShades Remote Access Trojan. Rumors began to spread through hacking-focused forums that police were raiding houses, but the actions were only confirmed by Europol this Monday. Actions took place in the US, Canada, Belgium, the Netherlands, Germany, the United Kingdom, Estonia, Chile, Italy, Croatia and Austria. Over 1,000 computers, phones, USB and external hard drives and routers were seized. It appears the raids were coordinated by EC3, the European Cybercrime Centre, with some support from the FBI in the United States.
UPDATE: RedHack's Campaign Targets Turkish Cooperation And Coordination Agency
May 19, 2014 – The Turkish hacker collective, RedHack, launched a campaign last week to target the websites and servers belonging to the Turkish Government following the mining accident in Western Turkey that took over 300 lives. In their latest move, RedHack has breached the website of the Turkish Cooperation and Coordination Agency, leaking usernames and passwords to the public. The collective has requested people abuse the usernames and passwords of the organization, which operates under the office of the Prime Minister. RedHack also released usernames and passwords of a dating site used by government employees. Both attacks were dedicated to the memory of communist activist Ibrahim Kaypakkaya, in a move that supports the collective's pro-labor protest against the government in response to miners' safety.
Pennsylvania Payroll Company Breached, Information Leaked
May 19, 2014 – Paytime Inc., a Pennsylvania payroll company, has been breached. It appears that hackers exploited a vulnerability in their systems. An undisclosed number of individuals may have had their personal information stolen. The compromised information includes names, addresses, dates of birth, phone numbers, hire dates, social security numbers, bank account information and other payroll related data. Chris Haverstick, Vice President of Paytime said, “Our investigation has also determined that the intruders were skilled hackers working from foreign IP addresses.” Paytime is currently working with a third-party IT forensics team to further investigate.
United States Retail Giants Join Forces On Cyber-Security
May 16, 2014 – Major US retailers and the United States Retail Industry Leaders Association (RILA) have moved to create the Retail Cyber Intelligence Sharing Center. Following a string of cyberattacks on retail stores that hit everything from websites and databases to point-of-service devices, the industry is hoping this new move will keep customer data safe and public opinion strong. The Center will allow stores to share information on threats between each other and authorities in the United States - including the FBI and Homeland Security. The Center announced: “In the face of persistent cyber criminals with increasingly sophisticated methods of attack, the R-CISC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cyber crimes.” While membership is expected to grow, current members include giants Nike, Target, American Eagle, Gap, J.C. Penney, Lowe's, and Walgreens.
Saudi Arabia Recruits Ethical Hackers For Defense
May 16, 2014 – The Kingdom of Saudi Arabia's Ministry of Interior will begin recruiting ethical hackers to defend the nation through its National Information Center. The initiative is designed to "transform their abilities into productive energy", and to train hackers who may only know how to breach websites to defend entire networks. While admitting that hiring hackers directly is not a perfect solution to national cyber security, the center's external affairs coordinator, Dr. Zaidan Al-Enezi, announced that the program should decrease hacker attacks by 80%, if universities and large institutions work with them on the program. The government says it will only hire ethical hackers, with any hacker who has previously targeted government systems or websites denied, and that it will follow international standards on network safety.
European Police And The US FBI Coordinate Arrests Of Trojan Users
May 16, 2014 – This last week, European law enforcement authorities have raided an unknown number of hackers who purchased the BlackShades remote access Trojan. Blackshades is a tool, readily purchased from cybercriminal forums, that allows users to take over an infected computer and monitor keystrokes, steal files or use the webcam. French media reported that 70 locations were searched in relation to hackers possessing the software, and individuals in the Netherlands, United Kingdom, Denmark, Italy, Sweden and Germany have reported on forums that they too have been raided - though police confirmation is limited. Security researchers have pointed to announcements from the American FBI that it would soon be launching an anti hacker software crackdown as proof that it is coordinating efforts with Europe. One of the developers of Blackshades was arrested by the FBI in 2012.
Website Of Pakistani Police Force Defaced By Taliban Supporters
May 16, 2014 – The website of the Rawalpindi police in Pakistan was defaced by apparent Taliban supporters. Along with portraits of Taliban and Al-Qaeda leaders, including Osama bin Laden, the website read: "Hacked by Anti Mortadin!@. This site was hacked a victory for the Taliban". The police reported that the hackers were unable to gain access to any sensitive information because the website is used only for public awareness campaigns and public information.
AnonGhost Announces OpFIFA
May 15, 2014 – A member of the AnonGhost hacking group, Ali KM, has announced a new hacking campaign called OpFIFA. The operation will focus on disrupting FIFA websites from June 10 – June 12, 2014. Ali KM says the motivation for the attacks is FIFA's “humiliating attitude” towards Muslim teams. At this time over 100 individuals have committed to taking part in the operation. Ali KM went on to promise that if participants launch successful distributed denial-of-service attacks against FIFA sites, he will provide free HD live streaming from his own servers during World Cup games.
Kate Middleton's Phone Hacked By Former News-Of-The-World Reporter
May 15, 2014 – Former royal reporter of the now-defunct News of the World paper, Clive Goodman, admitted to hacking into voicemails of Kate Middleton almost every day, as well as the voicemails of Princes William and Harry. The hackings of celebrity, royal, military and disaster victim phones ultimately forced the 168-year-old paper to close. Reporters used the voicemails to generate tabloid and real stories and several reporters, editors, and staff have faced criminal charges. The full extent of the hacking campaign is still unknown, with the latest news about the targeting of Kate Middleton just being revealed.
Belgium's Ministry of Economy Suffers Data Leak - Suspects Foreign Intelligence Agency
May 15, 2014 – Belgium has experienced a string of hacks and data breaches in recent months, including an attack on their Ministry of Foreign Affairs reported earlier in the week. Now, the Federal Public Service Economy - also known as the Ministry of Economy - appears to be the next victim. The country's deputy Prime Minister has confirmed that the department's systems were breached and data was stolen. A formal investigation has begun, and it has been suggested by those in the media that the sophisticated piece of malware used in the attack is the work of a foreign intelligence agency and not a rogue hacker group. The software was installed as early as 2012 and has only now been detected.
Owner Of POS Company Admits Hacking Into Subway's Systems
May 15, 2014 – An owner of a point-of-service (POS) company - the machines that read debit and credit cards at stores - has pleaded guilty to hacking into his own products owned by the Subway fast food chain to add value to gift cards. Adding roughly $40,000 in value to cards, Shahin Abdollahi and a co-conspirator used some of the cards at Subway but sold most of them online. Both men would pre-install their POS hardware with remote log-in software before shipping them to Subways around the country.
New Report Shows Evolution Of Iranian Sponsored Hackers
May 14, 2014 – A new report on Iranian cybersecurity has outlined the evolution of Iranian hackers from simple defacers to a collective of offensive and defensive trained hackers. The report has found that Iranian sponsored hackers, codenamed the Ajax Security Team, have increased dramatically in skill over the last decade and are now capable of both sophisticated attacks against US institutions and utilizing social engineering to trap dissidents. Though outsiders fear Iran's increasing ability to target defense contractors, the report shows that Iran's main objective in cyber-attacks is targeting dissidents. Through circulating anti-censorship software infected with malware or tricking political activists into visiting fake anti-Iran websites, the group is now aiming to track, explore, and watch target computers rather than conduct immediate arrests. The report suggests that while Iran is still behind other countries like the US or Russia, more practice will only make them grow more advanced.
New Inbox-To-Inbox Facebook Campaign Spreads Malware
May 14, 2014 – Security experts are warning that the latest malware campaign to target Facebook is abusing inbox-to-inbox messaging to spread a trojan capable of stealing Facebook account details and other credentials. The message sends the text "lol" followed by a broken image link that unsuspecting users will click on to view, thus installing the trojan. Importantly, the message is sent from an infected friend, tricking users into thinking it is a legitimately funny conversation from another trusted user. Researchers believe the file has spread widely because of the popularity of Facebook around the world, and because a message from a 'friend' appears much more trustworthy than other typical scams that include videos or funny headlines posted to people's news feeds.
Estonia Told To Stop Using Its E-Voting System
May 14, 2014 – The Internet voting system in the Baltic state of Estonia, which a quarter of its citizens use to vote, has been discovered to contain multiple vulnerabilities days before the European Union's Parliamentary elections. Researchers are concerned about the program itself - with outdated security architecture - and the security practices of its maintenance staff who have been shown to download applications on unsecured networks and have allowed themselves to be filmed typing in passwords. Experts also warned that the vulnerabilities would allow a foreign power with enough cyber-prowess to rig the election without ever being detected. Estonia has refuted these findings.
Turkish Hackers Target Town Of Recent Mine Accident
May 14, 2014 – Hackers from the Turkish hacktivist collective RedHack have announced they defaced multiple Soma, Turkey government websites "in protest against the mine explosion deaths." Roughly 700 workers were trapped in a mine in the town of Soma, Turkey following an accident. The death count is currently at 256 and expected to rise. Referencing reports that the mine was known to be dangerous and that several inspections suggested it needed to be closed, RedHack has continued to criticize the government. Other hacker groups have begun to target various websites of the Turkish government with distributed denial-of-service attacks to join the protest.
Attack Against Taiwanese Government Leverages Flaw In Microsoft Word
May 13, 2014 – Security researchers have announced that despite Microsoft's acknowledgement and eventual patch of a flaw in Microsoft Word that allowed malicious programs to be hidden within Word documents, cybercriminal exploitation has continued as some institutions are slow to upgrade. Several government agencies, the mailing service, and an institution of education in Taiwan have been highlighted as victims of the exploit where criminals used e-mails pretending to be from other government employees to infect and steal files from the Asian government. In one instance, the document pretended to be an important file on free-trade updates but, when opened, began a series of file drops to install a backdoor to the computer. These recent attacks are believed to be part of a campaign dubbed 'Taidoor' that targets Taiwanese government institutions.
Belgium Ministry Of Foreign Affairs Hacked
May 13, 2014 – The Belgium Ministry of Foreign Affairs has announced that hackers infected several systems with information-stealing malware that targeted sensitive material on the ongoing territorial crisis in Ukraine. While the government has begun an investigation, several media outlets have claimed knowledge that Russian actors were behind this particular attack. The last several years have seen Belgium become the target of several attacks, with the United States, Russia, and cybercriminal gangs blamed for the various break-ins on Belgian systems. The government has recently announced a multimillion dollar endeavor to strengthen its cyber security infrastructure.
China Arrests Hackers-For-Hire Who Targeted Shanghai Gaming Company
May 13, 2014 – Five individuals have been arrested for launching distributed denial-of-service (DDoS) attacks against a Shanghai online gaming company. The attacks crippled the company's login page and prevented paying customers from launching the program; it caused roughly $1.6 million in damages. One arrested individual claimed they were hired by a competitor gaming company. He also claimed that the competitor company also hired hackers to break into various systems and then use those computers to launch DDoS attacks against companies if that particular service was bought by a client.
Doge Vault Cryptocurrency Wallet Hacked
May 13, 2014 – The popular Dogecoin wallet service Doge Vault has been hacked. The company has issued a statement saying, “The Doge Vault online wallet service was compromised by attackers, resulting in a service disruption and tampering with wallet funds. As soon as the administrator of Doge Vault was alerted, the service was halted. The attackers had already accessed and destroyed all data on the hosted virtual machine.” An investigation is on-going, as the company tries to determine how the attack happened and what damage was done. Users are advised to not transfer any funds to Doge Vault addresses while the investigation is being conducted.
WordPress Themes Developer Suffers Data Breach
May 12, 2014 – WooThemes, a popular developer of templates for the WordPress blogging and content management site, has announced that customer financial information has been breached. Over the last two weeks, customers have been notified by their banks of fraudulent payment activity on their accounts, while WooThemes became aware of issues processing payments on its own servers. It soon became evident that it was through WooThemes that over 300 cases of fraudulent activity were taking place and that the issue the developer was facing on its side was the breach-in-progress. The company is still unsure how its customer financial data was stolen, but it has suspended all payments, notified all customers and hired a security firm to investigate.
Indian Car Manufacturer's Website Defaced by Pakistan Haxors Crew
May 12, 2014 – A domain owned by the Indian Car Manufacturer, Tata Motors, has been hacked and defaced by the group Pakistan Haxors Crew. The group has repeatedly targeted high-profile Indian websites, including railroad companies and telecoms. In this incident they wrote: "We just defaced your website to give you a chance to put your hands on it before others come and destroy it. Consider yourselves warned because consequences will follow." The site has since been taken offline. The past month has seen several Pakistani hacker groups attacking Indian sites, including the compromising of the Indian Railroad ministry.
Resurgence Of Click Fraud Trojan Concerns Security Researchers
May 12, 2014 – Security researchers are raising alarm about a sophisticated malware called Viknok. Cybercriminals who use this particular Trojan are believed to have developed sophisticated means of penetrating operating systems that may be undetectable by most anti-malware software. It is also designed to turn infected computers into botnet zombies. The use of Viknok has surged in 2014, with 16,500 newly recorded victims in May alone. Once infected, Viknok Trojan forces a customer's computer to rapidly 'click' on an advertisement on a corrupted website, thus generating revenue for the host site which is often operated by or also hacked by the Viknok-using cyber criminals.
Point DNS Hit With DDoS Attack, 220,000 Domains Impacted
May 12, 2014 – Point DNS, a UK-based domain host, was hit with a high intensity distributed denial-of-service attack that knocked its servers out for several hours. It is not known who is behind the attack. Point DNS posted a statement saying, “We're experiencing a DDoS attack on all DNS servers, we are working hard to mitigate the attack.” Point DNS hosts over 220,000 domains, which were impacted by the attack. The company is saying that the attack originated in China. At this time the attack is still ongoing, but the impact to customers has been mitigated.
Over 300,000 Servers Are Still Vulnerable To Heartbleed
May 9, 2014 – A month after the OpenSSL Heartbleed vulnerability made headlines, researchers say that there are still over 300,000 servers that remain vulnerable. A recently conducted global Internet scan revealed that 318,239 systems are still vulnerable, and over 1.5 million servers still support the vulnerable “heartbeat” feature of OpenSSL that allows the bug. Researchers say that the numbers could be larger, as this reflects only the confirmed cases.
Bitly Site Hacked, Customer Credentials Compromised
May 9, 2014 – The URL shortening service Bitly (bit.ly) has issued a warning saying their systems have been compromised and customer credentials have been exposed. According to the warning, there has been no evidence that any accounts have been accessed by the hackers at this time. As a precaution, users' Facebook and Twitter accounts have been disconnected from the service. Bitly CEO Mark Josephson issued a notification to users saying, “We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward.”
US Cybersecurity To Get Boost From Defense Authorization Bill
May 9, 2014 – The House Armed Services Committee is moving forward on a defense authorization bill that would provide $5.1 billion for cybersecurity operations. The growth of the federal cyber workforce has been prioritized by the Pentagon, with a call for more than 6,000 professionals to work in support of the National Security Agency by 2016. The bill would “direct the Secretary of Defense to establish an executive agent to coordinate and oversee cyber training and test ranges, critical to operationalizing and improving our DOD cyber forces.”
Shanghai Students Hack School Systems
May 9, 2014 – Two students at a college in Shanghai's Songjiang District have been arrested and charged with hacking their school's systems and changing the grades of 200 students. According to reports, the two hackers charged between $2 - $3 for each change they made, earning a total of over $12,800. School administrators noticed the changes and notified the police, leading to the arrest of the students. The school says that they have fixed the security hole that was exploited.
Sentencing Of Sabu Delayed Again
May 8, 2014 – For the seventh time, the sentencing of the infamous Sabu, Hector Monsegur, has been delayed. Monsegur was scheduled to be sentenced today, but it appears that the US government is still using his services. Since his arrest in August 2012, Monsegur has been working with the government in identifying other hackers and in launching cyberattacks against foreign governments. A new sentencing date has not been set.
StubHub Hit With DDoS Attack In Brazil
May 8, 2014 – The Brazil website of StubHub, the eBay-owned online ticket vendor, has been taken down by a distributed denial-of-service attack. A spokesperson for StubHub said that there has been a “huge DoS attack on the site from Brazil.” In response to the attack the company decided to deny access within Brazil while the incident is being investigated. The attack comes after the site started offering tickets to the World Cup. Both FIFA and the Brazilian government have said that tickets to the World Cup should only be purchased directly from FIFA. StubHub is still investigating the incident and has not said when the site will again be accessible within Brazil.
100 Thai Government Websites Breached
May 8, 2014 – Approximately 100 sites belonging to the Thai government have been hacked by cybercriminals in the last month. The sites have been used to distribute malware and for phishing attacks. Researchers have seen over 500 attacks originating from these breached sites. The impacted sites include those belonging to police forces, the Thai Navy and various other military organizations. Experts believe that these hacked sites will not be fixed any time soon, as the Thai government does not view this as a high priority.
50% Of DDoS Targeted Organizations Get Attacked Again
May 8, 2014 – Two reports have been released that show that over half of organizations targeted with DDoS attacks will be hit with another attack. According to a report from Neustar, once an organization is attacked there is an estimated 69% chance of a repeat attack. Over 48% of the companies surveyed said they had been targeted by DDoS attacks between two and ten times. The reports also show that larger DDoS attacks are becoming more frequent with a 200% increase in attacks affecting bandwidth of between 1 and 20 Gbps.
Wall Street Journal Twitter Hacked By Syrian Electronic Army
May 7, 2014 – At least four Twitter accounts belonging to the Wall Street Journal have been compromised by the Syrian Electronic Army (SEA). SEA used the accounts to post a message that read "@Irawinkler (Ira Winkler) is a cockroach" along with an image of his head on a cockroach's body. Mr. Winkler is the CEO of a security firm and recently presented on SEA, its methods, and its members at a security conference; he called SEA the "cockroaches of the internet." At that time, the hacker group defaced the conference's website, using it to show a threatening message against Ira Winkler. The Wall Street Journal secured its accounts shortly after the breach was discovered.
Members Of Team Digi7al Accused Of Hacking US Navy
May 7, 2014 – Two people thought to be members of the Team Digi7al hacking group have been charged with breaching the computer systems of the US Navy and over 30 other entities. Nicholas Paul Knight, 27, and Daniel Trenton Krueger, 20, are charged with targeting organizations to steal identities, obstruct justice and cause damage to protected computers. Knight is thought to be the leader of Team Digi7al, and served in the Navy as a systems administrator in the nuclear reactor department. A trial date has not yet been set; each man faces up to five years in prison. The other organizations targeted include the US National Geospatial-Intelligence Agency, the US Department of Homeland Security, the World Health Organization, the Toronto Police Service in Canada, the Los Alamos National Laboratory, the Montgomery Police Department, AT&T U-verse, Autotrader.com, the Library of Congress and various universities.
France's Orange Suffers Huge Client Data Theft
May 7, 2014 – France's largest mobile phone company, Orange, has suffered another attack leading to the theft of personal information affecting 1.3 million customers. This attack comes just three months after Orange suffered an attack that resulted in data belonging to 800,000 customers being stolen. The attack occurred on April 18, but Orange delayed the announcement so they could “lock” down their systems and find out how many customers were actually impacted. The stolen information includes names, email addresses, phone numbers and dates of birth.
Indonesian 'Gangsters Crew' Hacks Various UN, Government Sites In Yemen
May 7, 2014 – An Indonesian based hacker group with the name 'Gangsters Crew' has breached and defaced the website of the Ministry of Human Rights in Yemen, as well as the websites of the Yemeni branches of the United Nations, United Nations Development Programme, and United Nations Volunteers. The defacement pages include a smiley face, social media links, and the message "be secure your security get down xD". It has not been made clear why Yemen or the Yemen pages of the United Nations were targeted. Gangsters Crew is also responsible for several cyber attacks on Australia amid a recent spying row between them.
Cybercriminals Team Up To Target Smartphones With Ransomware
May 6, 2014 – Security researchers have noted that two teams famed for their PC ransomware have joined forces to target smartphones running Android, Linux or Windows operating systems. The malicious software masquerades as a legitimate application that then locks the device and demands a fine be paid because the device has been used to look at child pornography or other illegal material. Though ransomware on smartphones is not entirely new, the teaming up of two different cybercriminal organizations (the creators of a PC ransomware called Reveton, and the Nertra Ransomware team) to cast a wider criminal net seems to be a first for this kind of attack.
Newly Discovered DNS Flaw Redirects Users To Malicious Sites
May 6, 2014 – Two students from the Israel Institute of Technology have discovered a flaw with the protocols of the world's most used DNS software - BIND. Researchers believe that the flaw has yet to be exploited by criminals and so full details have not been released, however the exploit centers on a loophole that allows hackers to force a DNS server to connect with a specific server rather than one of the many decentralized databases that enable a computer to translate the names of websites to IP addresses. If hackers control the server, they can then provide a false IP address to the DNS service, thus forwarding the end-user to a malicious website. The students presented their findings to the relevant organizations, which have promised a patch soon.
DrawQuest Forced To Shut After Hackers Gain Access To Amazon's Servers
May 6, 2014 – DrawQuest, a popular free drawing application for Apple smart-devices, has been shut down after hackers breached the Amazon servers used by the program. The production team announced that "the entirety of Drawquest" had been compromised, with the malicious actors ordering "hundreds of expensive servers, likely to mine Bitcoin or other cryptocurrencies." The service was shut down immediately after the activity was detected, and the team announced it had no way of knowing what user information was accessed by the attackers - potentially putting users' passwords and e-mails at risk. DrawQuest does not intend to re-open.
Casino Company Affinity Gaming Suffers Additional Payment Hack
May 6, 2014 – Hackers managed to breach the credit and debit processing system of Affinity Gaming, a Nevada-based casino operator. The breach was discovered on April 28th, and it is not believed that any payment information was stolen after that period. However, it is unknown how long the system was unknowingly compromised or for how long hackers had access to the company's systems. Affinity Gaming is working with the authorities to investigate the matter and claims it has secured its systems. This is the second time within a year the payment system has been compromised, with the company announcing to customers that their card information had been stolen back in December 2013 - impacting as many as 300,000 customers.
Vulnerabilities Found On NSA Website
May 5, 2014 – Researchers have discovered vulnerabilities on the official National Security Agency (NSA) website. A cross-site scripting vulnerability was found on the site's homepage, which allowed the researcher to deface the page. The researchers also say they found a SQL injection vulnerability, which can be leveraged to access information stored in the site's databases. The vulnerabilities were reported to the NSA. No response was received by the researchers, but the vulnerabilities appear to have been fixed.
OpenID And OAuth Vulnerability Enables Third-Parties To Steal Account Credentials
May 5, 2014 – Popular authorization protocols OpenID and OAuth contain a recently-discovered covert redirect vulnerability that allows personal identification information to be stolen. Best known for allowing users on third-party sites to use their Facebook, Google, or Twitter log-in credentials rather than creating an entirely new account, the newly-discovered vulnerability centers around the Open Redirect principle where one site will freely transfer you to another for authorization. When a user opts to use their social media credentials to log in, the third-party site redirects them there to approve the action, and the social media site then redirects the user back - along with their credentials - to the third-party. The vulnerability allows malicious sites to disrupt the final redirect and to transfer users to other sites all while stealing their login information.
University Of North Carolina Wilmington Breached
May 5, 2014 – Hackers have breached an application server at the University of North Carolina Wilmington. The university has said that it is possible that the hackers accessed the personal information of employees and students. The information on the server includes names, addresses and social security numbers of some employees and students. According to a notice from the school, there is no evidence that this information has been accessed or used at this time. It appears that the hackers breached the server in order to host a phishing page.
Student Arrested For Hacking School Computer To Change Grades
May 5, 2014 – Jose Bautista, an 18-year old student, has been arrested and charged with hacking the school's computer system to change grades for himself and four other students. It is being reported that Bautista gave a written confession to the principal of Dr. Michael M. Krop Senior High School. The principal then reported him to the police. He currently faces four counts of offenses against intellectual property, public records exemption and four counts of offenses against computer users. Bautista has been released on a $20,000 bond and will be on house arrest.
Google Search Appliance XSS Vulnerability Found
May 2, 2014 – Researchers have discovered a cross-site scripting (XSS) vulnerability in Google Search Appliance, which is a device that allows organizations to index and search through web content, databases and content management systems. The appliance is actually a combination of Dell hardware with Google software. In a Computer Emergency Response Team Coordination Center (CERT/CC) advisory they say that the device is vulnerable to reflected XSS attacks when the dynamic navigation feature is enabled. A fix has been issued through the release of versions 7.2.0.G.114 and 7.0.14.G.216.
Hackers Targeting Microsoft XP Machines
May 2, 2014 – Researchers have discovered a new attack that targets out-of-support Windows XP machines running Internet Explorer 8. The attacks have been seen in multiple industries throughout Europe and the United States. In response, Microsoft has issued an emergency, unscheduled patch. Multiple hacking groups have been observed using the vulnerability to attack government and energy sector organizations. An estimated three quarters of UK companies are still running XP even after the end of support.
British National Party Hacked By Anonymous
May 2, 2014 – A member of the Anonymous collective is claiming to have hacked the Twitter account and website of the British National Party (BNP). The hacker used the Twitter account to post anti-government messages, in addition to several offensive messages sent to members of the British Parliament. The BNP website was also defaced with a picture of a man wearing a Guy Fawkes mask and a message saying, “Hacked by Anon_0x03, F*** the Government!” It is unclear if the BNP has regained control of the Twitter account. There have been legitimate messages posted by the BNP, but the hacker's posts remain on the feed.
Anonymous Member Faces 440 Years In Jail
May 2, 2014 – Twenty-seven-year-old Fidel Salinas of Donna, Texas, an alleged member of the Anonymous collective, is facing 44 charges of cyber assault. He is accused of hacking computer systems of a county government, a school district and a newspaper. Salinas is also accused of several counts of cyber stalking. The FBI released a statement saying, “Salinas had the intent to harass and intimidate a female victim. Allegedly, he repeatedly emailed her, attempted to gain unauthorized access to her website, made submissions through a contact form on that site and tried to open user accounts without her consent.” Each of the charges carries a maximum sentence of 10 years in federal prison, bringing the total possible sentence to 440 years. Salinas' attorney denies he has had any connection to Anonymous.
DDoS Attack Takes Down UltraDNS Service
May 1, 2014 – A customer of UltraDNS, a Neustar DNS service provider, has been hit with a 100 Gbps distributed denial-of-service attack that has resulted in the DNS service being down for several hours. UltraDNS issued a statement saying, “The Neustar UltraDNS Operations and Security teams continue to work with our Tier One Providers to further refine upstream mitigations within the Carriers networks. . . The DDoS traffic continues to shift attack vectors and our teams are working on altering countermeasures to insure stability of service as quickly as possible.” At the time of this writing the service has stabilized and is operating normally. Several customers reported outages of over 8 hours.
UK's National Crime Agency Warns Of Cyber Threat Increase
May 1, 2014 – The United Kingdom's National Crime Agency (NCA) has released the 2014 National Strategic Assessment of Serious and Organized Crime. The report focuses on attacks aimed at deleting, modifying or stealing data, disruption of access to systems through distributed denial-of-service attacks, traditional crime groups using services offered on cybercrime marketplaces and the increase of use of support services for cyber-dependent crimes. The NCA expects to see an increase in these areas over the next one to three years. The report says, “Specialist service providers and bespoke toolkits are opening opportunities for those criminals who have limited technical competence. Different organized crime groups who share the use of key criminal technical and other infrastructures is a growing threat. Criminal online forums provide a market place for the trading of such services.” The NCA does not have an estimate of the costs associated with these cybercrimes, but they do say that it can be “reasonably assessed” at several billion pounds each year.
Ireland's Eircom Breached By Hackers
May 1, 2014 – The Irish telecommunications company Eircom has taken down their email service after discovering a breach of their system. Eircom issued an alert saying, “We detected an intrusion on the perimeter of our email service and in accordance with our security procedures and industry best practice, we took immediate steps to lock down our email service and eliminate any threat to our 350,000 eircom.net email users.” The origins of the breach are still unknown, and no hackers have taken credit for the breach. At the time of this writing email services have been restored for Eircom customers.
Russia Facing New Android Malware Spreading By Text Message
May 1, 2014 – Researchers have discovered a new Android malware that spreads via text message in Russia. The malware is an APK file that, when downloaded, sends texts to entire address books in an attempt to infect others. The malicious text says, in Russian, “Is this your photo?”, and includes a link. If the link is clicked, the device will be infected. At this time, it appears that the malware is limited to Russia.
April 30, 2014 – The popular image-based bulletin board 4chan has been hacked. The hacker was able to gain access to one of 4chan's databases by exploiting a website vulnerability. Christopher Poole, the founder of 4chan, posted a statement saying, “Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted.” The hack was motivated by the hacker wanting to expose the posting habits of a specific user the hacker doesn't like. According to Poole, no customer financial data was compromised. The vulnerability that was exploited has been patched.
SEA Defaces RSA Conference Site
April 30, 2014 – Members of the Syrian Electronic Army (SEA) hacking group have redirected all visitors of the RSA Conference website to a site displaying a defacement page. This attack is in response to an RSA presentation by Secure Mentem President Ira Winkler, in which he made fun of SEA. SEA did not actually compromise the RSA site; rather, they redirected visitors to the defacement page by exploiting Lucky Orange, an analytics tool installed on the website. The defacement message says, “Dear Ira Winkler, Do you think that you are funny? Do you think that you are secure? You are NOT. If there is a cockroach in the internet it would be definitely you.” The members of SEA said that there have been three negative reports published about the group, and in response they have said there will be three attacks.
Colorado's Mercy Regional Medical Center Breached
April 30, 2014 – Mercy Regional Medical Center in Durango, CO has informed patients that their systems have been breached and hackers may have accessed patients' personal information. The information that may have been compromised includes names, social security numbers, Medicare beneficiary numbers, addresses, dates of birth, phone numbers and clinical information. It is believed that the hackers gained access through a phishing attack. Centura Health, the owner of Mercy Regional, has sent letters to approximately 1,000 patients notifying them of the situation. The letter states, “Centura Health took immediate steps to implement and/or reinforce necessary protective measures to help prevent similar events in the future.” Centura Health is currently working with authorities to investigate the attack.
European Advanced Threat Report Released
April 30, 2014 – A new report focusing on sophisticated attacks targeting Europe has been released. According to the report approximately 250 new workstations are infected each day in Europe. The United Kingdom, Switzerland, Germany and France account for 70% of the total number of infections. The leading targeted industries include the healthcare sector (21%), financial services (17%), chemicals/manufacturing/mining (9%), higher education (9%), telecom (7%), energy/utilities/petroleum refining (6%) and high-tech (6%). Twenty-five percent of advanced persistent threats have targeted federal governments.
Commerce Bureaus Fail Cyber Security Tests
April 29, 2014 – A recent report published by the Inspector General says that the Department of Commerce is unprepared to defend against cyber attacks. The report studied five bureaus or operations centers, and only one responded adequately to an external threat. The Bureau of Economic Analysis, the Bureau of Industry and Security, the International Trade Administration, the US Patent and Trademark Office and a Security Operations Center in the CIO's office were tested as part of the report. Over the course of eight months the Inspector General used automated software to send a steady flow of suspicious traffic at the department's public-facing websites. Only one analyzed and blocked the threat, while three did nothing at all in response. The report says, “The close communication between department bureaus and their Internet and security services providers that is needed to stave off cyber-threats is sorely lacking.” Outgoing Commerce CIO, Simon Szykman said that the department agreed with the report's findings and promised “corrective action plans from individual bureaus.”
Anonymous Planning May Day Protests
April 29, 2014 – Members of the Anonymous collective have posted a video announcing a campaign called “MayDay”, which calls on people to stage a “global day of resistance” on May 1. People are instructed to avoid using the services of banks and to refrain from shopping, so that “the one percent realizes that without the 99 percent they are nothing.” In the video the hacktivists say, “March the streets, occupy the public space; be free and reclaim your rights as human beings.” There was no mention of any online protests on that day; however, past Anonymous protests have always included cyber activity, such as distributed denial-of-service attacks.
Libyan Cyber Army Defaces Egyptian Ministry Of Information
April 29, 2014 – Members of the Libyan Cyber Army hacking group have breached and defaced the website of the Egyptian Ministry of Information. The defacement included a picture of the Libyan flag and a message saying, “Hacked by the Great Team.” The hackers did not give a reason for the hack. In the past, the Libyan Cyber Army has attacked sites belonging to the Libyan government and privately owned Israeli sites. At the time of this writing the website was still displaying the defacement.
European Cybercrime Center Looks To Disrupt Cybercriminals
April 29, 2014 – Troels Oerting, the head of the European Cybercrime Center (EC3), said that EC3 is shifting their focus from the prosecution of online criminals to the disruption of their activities. The shift is a response to cybercriminals increasingly using the darknet to stay anonymous, making it more difficult for law enforcement to find suspects' true identity and successfully prosecute them. According to Oerting, 75 to 80 percent of the crimes EC3 investigates are carried out by Russian-based groups. Oerting said, “They are out of reach and there's no extradition, so the best we can hope for is local prosecution. We need to move between prosecution to disruption of cybercrime.”
Microsoft Internet Explorer Zero-Day Vulnerability Found
April 28, 2014 – Microsoft has issued an alert that an Internet Explorer zero-day vulnerability has been discovered. The vulnerability impacts Internet Explorer versions 6 through 11. Cybercriminals have been exploiting the vulnerability in a campaign called Operation Clandestine Fox. Microsoft's alert warns, “If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” Microsoft said they are investigating the vulnerability and will take “appropriate” steps. This will be the first zero-day vulnerability that will not be patched for Windows XP users, since Microsoft officially ended support for that system.
Hackers Say There's A New OpenSSL Flaw Similar To Heartbleed
April 28, 2014 – A group of hackers is claiming to have found a new OpenSSL flaw that is similar to the Heartbleed bug. The hackers released a statement saying, “We have just found a vulnerability in the patched version OpenSSL. . . We are a team of five people, and we have coded nonstop for 14 days to see if we could find a workaround, and we did it!” The hackers have not yet made the vulnerability public, but are trying to sell it for 2.5 Bitcoins (about $1,070). Experts do not believe the hackers' claims and see this as a money-making scam.
UNICEF New Zealand Defaced By Syrian Hacker
April 28, 2014 – The Syrian hacker known as Dr.SHA6H has defaced the blog site of the United Nations Children's Fund (UNICEF) of New Zealand. The defacement message said, “Today, after looking at what faces (Syria) note most of the countries in the world do not want to help Syria.” Dr.SHA6H also breached and defaced a website owned by the Saudi Arabian Ministry of Health. At the time of this writing both sites were still displaying the defacement page.
Westminster, California Website Breached And Defaced
April 28, 2014 – Two Saudi Arabian hackers known as NeT-DeViL and Dr-TaiGaR are claiming to have breached and defaced the website of the city of Westminster, California. The two hackers are known members of the Group Hp-Hack hacking group. The defacement message reads, “City of Westminster California (Go to Hell) Hacked By: Group Hp-Hack!” No reason for the attack was given. At the time of this writing the website has been restored and is working properly.
Bitcoin Mining Malware Found In Google Play Store
April 25, 2014 – Researchers have discovered new malware in the Google Play store that is used to mine for Bitcoins. The malware, called BadLepricon, uses infected devices to perform the resource-intensive computational processes needed to mine Bitcoins. The malware was hidden within wallpaper apps that had been downloaded hundreds of times. BadLepricon turns infected devices into a bot that uses a large amount of computer processor and battery power. Google has removed five apps that were found to be hiding the malware. This is the second time in less than a month that Bitcoin mining malware has been discovered in the Google Play store.
Belgian Hosting Company Blackmailed By Hackers
April 25, 2014 – The hacking group known as Rex Mundi is claiming to have breached the systems of Belgian hosting company AlfaNet. The hackers are attempting to blackmail the company, threatening to leak data and attack websites hosted by AlfaNet if their demands are not met. The hackers said, “We have hacked their database and we have stolen all of their customer data. Alfanet has two more days to pay us 15,000 Euros.” To prove that they have the information, the hackers have posted samples of some customer data and database information. AlfaNet has not responded to the threats at this time.
Anonymous Cambodia Responding To Arrest Of Members
April 25, 2014 – Earlier this week it was reported that two members of Anonymous Cambodia have been arrested. Other members of the hacking collective have now announced plans to attack Cambodian government websites in response to the arrests. The hackers claim that they have a lot of supporters, and have published instructions on how to launch distributed denial-of-service attacks. The list of targets includes private businesses, as well as the Cambodian government and police. Anonymous Cambodia issued a statement saying, “You arrested only two of us, but still we can continue our work and will be stronger than before. Ten times to 1,000 times and 10,000 times. It will never end.”
Indian Hackers Launch OpPakistan
April 25, 2014 – Indian hackers are claiming to have hacked and defaced a number of Pakistani government sites as part of the OpPakistan campaign. OpPakistan is a response to the number of hacks carried out by Pakistani hackers against Indian government websites. Defacement messages left by the Indian hackers say, “One minute of silence for those who think that by hacking Indian sites they will get Kashmir. Stop hacking Indian sites or expect us. It's the last warning.” OpPakistan targets include the National Portal of Pakistan, the Cabinet Ministry, the Pakistan Manpower Institute, the Ministry of Defense and the Ministry of Railroads. All of these sites are currently displaying a message that says, “Server is Under Maintenance & Thanks for visiting!”
AOL Mail Service Hacked
April 24, 2014 – AOL officials have confirmed that their mail service has been hacked. Thousands of users have been complaining about their accounts being used to send spam emails to their contacts. AOL released a statement saying, “AOL takes the safety and security of consumers very seriously, and we are actively addressing consumer complaints. We are working to resolve the issue of account spoofing to keep users and their respective accounts running smoothly and securely.” There has been no indication of who is behind the hack.
FBI Says Healthcare Cybersecurity Lagging
April 24, 2014 – The FBI has issued an alert to the healthcare industry saying, “according to open source reporting from SANS, Ponemon and RSA, the healthcare industry is not technically prepared to combat against cyber criminals' basic cyber intrusion tactics, techniques and procedures, much less against more advanced persistent threats.” The alert was not issued due to any imminent threats, but as a service to the industry as more organizations shift to electronic healthcare systems and medical devices that are connected to the Internet. A spokeswoman for the FBI said, “We're trying to educate people in the sector who are not aware.” The alert points out that the healthcare industry is not as resilient to cyber intrusions compared to the financial and retail industries.
Cyber Attacks From Iran Increasing
April 24, 2014 – A new report shows that in the past year there has been an increase in cyber attacks originating in the Middle East and Iran specifically. Up until now Iran has been thought of as a second-tier cyber threat behind countries like China and Russia. The report speculates that the increase in attacks from Iran is due to an interest in breaching critical infrastructure targets. After analyzing these new attacks, the report concludes that Iran still lacks the tools and skills necessary to be considered a “full-scope cyber actor.” Traditionally Iranian-based attackers rely on publicly available tools to exploit known vulnerabilities, which would put a limit on how much damage they can actually do. However, the researchers warn that Iran is expanding their capabilities and technical proficiency making them a more persistent threat.
New Russian Bill Could Ban Facebook, Gmail, Skype
April 24, 2014 – Russia's parliament has passed a new bill, as part of its anti-terrorism laws, that would ban technology services that do not store Russian data within the country. The bill requires companies, such as Facebook, Gmail and Skype, to relocate Russian customer data within Russian territory, so that it can be legally acquired and inspected by the Russian government. If domestic or foreign email, social networking and instant messaging providers do not provide access to six months' worth of data, they can be banned from operating in Russia. To be compliant with this new law, foreign companies would need to install servers and data centers in Russia. The law has not yet been ratified by President Vladimir Putin.
HP And Amazon Cloud Service Vulnerabilities Discovered
April 23, 2014 – Researchers have discovered that HP and Amazon Cloud Services are vulnerable to hacker attacks, due to their running unpatched versions of Windows Server 2003. The researchers were able to exploit old security vulnerabilities on the servers because updates were never applied. It was discovered that the last patches applied to HP's Public Cloud were done in July 2013. Experts believe that the cloud service providers have disabled the autoupdate feature on their servers resulting in these issues. Other cloud service providers have the same problems, including GoGrid which hasn't updated their server installations since April 2012.
30,000 Iowa State University Students Have SSNs Exposed In Hack
April 23, 2014 – Iowa State University has said that five servers were breached in a recent hacking attack. The servers contained the social security numbers of approximately 30,000 students. According to the school no financial information was exposed, and there is no evidence that the social security numbers were actually stolen. Jonathan Wickert, Iowa State's Senior Vice President and Provost said, “We don't believe our students' personal information was a target in this incident, but it was exposed. Iowa State has always taken information security very seriously, and we will continue to take every possible action to safeguard the personal information of those who learn and work here.” The university is currently working with law enforcement to investigate the incident.
Indian Political Party Blocks Pakistani Access
April 23, 2014 – Following several recent Pakistani hacker attacks against India's Bharatiya Janata Party (BJP) website, the political party's site can no longer be accessed from Pakistan. When attempting to reach the BJP site from Pakistan, users receive a message saying, “The owner of this website has banned your IP address on the country or region you are accessing it from.” The head of BJP's IT department said that the blocking is an automatic response by their self-defense mechanisms due to the number of hacking attacks originating in Pakistan. The website for the BJP's candidate for Prime Minister is also blocked from Pakistan.
Two Members Of Anonymous Cambodia Arrested
April 23, 2014 – Two 21-year-old Cambodian men, believed to be members of Anonymous Cambodia, have been arrested and charged with computer hacking. The men, known as the hackers Black Cyber and Zoro, face up to two years in prison. The director of Cambodia's Ministry of Interior's internal security department said, “These are the first members of the Anonymous hacker group who have been arrested by the [Cambodian] police, and we found no [evidence] of any [planned] terrorist attack.” The men are currently in prison awaiting trial. Additional people are currently being investigated for alleged connections to cyber attacks against the Cambodian government, but no further arrests have been made at this time.
AnonGhost Reveals Critical Facebook Flaw That Leads To DNS Hijack
April 22, 2014 – The hacker known as Mauritania Attacker, a known member of the AnonGhost hacking group, has revealed that there is a critical Facebook security flaw which allows any hacker to perform a DNS hijack attack. A DNS hijack will result in Facebook users being navigated to any server the hacker chooses. Mauritania Attacker has published a package containing full instructions on how to perform this attack. The hacker was able to show four sample attacks that would result in Facebook's DNS being hijacked.
iBanking Malware Targeting Android Users
April 22, 2014 – A new mobile malware known as iBanking has been discovered. The malware is able to steal SMS messages and redirect incoming phone calls. The attack actually begins with a Trojan called Win32/Qadars, which attempts to have victims download iBanking. The iBanking mobile application is used to bypass mobile two-factor authentication methods. This method is called mobile transaction authorization number, and is used by several financial institutions as well as Gmail, Twitter and Facebook.
Anonymous Announces OpMcDonalds
April 22, 2014 – Members of the Anonymous collective have released a video announcing the planning of a new operation targeting McDonalds. They accuse McDonalds of abusing their employees and stealing wages. In the video, the hacktivists say, “The corporation's flagrant disregard for the millions of people slaving away each day to create its profits is truly staggering. But that millions more of us continue to hand over our cash to such an unethical company, for food barely worthy of the description, that is even worse.” No specific details about the operation have been released at this time.
Indian Party Leader's Site Defaced By Pakistani Hacker
April 22, 2014 – The Pakistani hacker known as Muhammad Bilal breached and defaced the website of the Indian BJP party leader L.K. Advani. The defacement message called for an end to “militarized governance in Kashmir.” There has been no statement from Advani or the BJP party.
GAO Not Satisfied With SEC Information Security
April 21, 2014 – The Government Accountability Office (GAO) has issued a report saying that the Securities and Exchange Commission (SEC) needs to improve its information security controls. The report specifically addresses issues with access controls, patch management, contingency and disaster recovery planning and segregation of duties. The report reads, “The information security weaknesses existed, in part, because SEC did not effectively oversee and manage the implementation of information security controls during the migration of a key financial system to a new location.” The SEC's CIO, Thomas Bayer said, “In 2014, the SEC will continue to optimize our controls and further improve the security of our systems that support financial processes and our overall risk management process.”
NullCrew Hacks University Of Virginia
April 21, 2014 – Members of the NullCrew hacking group are claiming to have breached and stolen data from the systems of the University of Virginia. The hackers say that this hack is part of the F**kTheSystem operation. NullCrew issued a statement saying, “F**kTheSystem is generally aimed at the government, or anything that is corrupt . . . ranging from government contractors, to universities, to telecommunications companies and other things. . . They are all part of the system.” The hackers said they were targeting other entities including Spokeo, Telco Systems and BATM, Klas Telecom, the State of Indiana, National Credit Union, ArmA2, International Civil Aviation Organization and the Science and Technology Center of Ukraine.
Over 500,000 Mobile Banking Users Infected With Malware
April 21, 2014 – Researchers have discovered a new malicious mobile phone app called mToken that has infected over 500,000 online banking users. Most of the infected users are located in the Gulf region. The cybercriminals have created fake phone apps that look identical to the official apps of well-known Middle East banks. They then use the malicious apps to infect the device and steal personal and banking information.
Bangalore, India City Police Site Breached
April 21, 2014 – The Pakistani hacker known as H4x0r10ux m1nd is claiming to have hacked and defaced the Bangalore, India City Police website. The hacker left a message on the site criticizing the Indian government for killing innocent people in the Kashmir region. The message reads, “Govt. of India its time to repay for what you have done to our Kashmiri Brothers! You killed them just because they support and want to be a part of Pakistan.” At the time of this writing the site was restored and operating normally.
Vulnerabilities Found In SATCOM Systems
April 18, 2014 – Satellite communications (SATCOM) systems have become a target for cyber attacks due to their critical role in military and government operations. Researchers have uncovered several critical vulnerabilities including hardcoded credentials, undocumented and insecure protocols and backdoors in widely deployed SATCOM terminals. If an attacker exploits these vulnerabilities they could intercept, manipulate or block communications. Attackers could also remotely take control of the physical devices used in satellite communications.
Redhack Breaches Turkish Investment Bank
April 18, 2014 – Members of the RedHack hacking group are claiming to have hacked the systems of Aktif Bank, a Turkish investment bank. The attack is a response to the bank's new e-ticketing system for soccer fans. The new system requires ticket purchasers to provide personal information, and then will keep track of where each person is seated. According to the government, the system is designed to help reduce violence at games, but the hackers believe it's a way to keep track of anti-government protestors. RedHack has also started a distributed denial-of-service attack against the bank's website.
LocalBitcoins Confirms Security Breach
April 18, 2014 – LocalBitcoins, a decentralized Bitcoin exchange located in Finland, has confirmed that they have suffered a security breach. The breach was first discovered by several users who reported missing funds from their accounts. LocalBitcoins issued a statement saying, “Most likely explanation to these attacks have been stolen user credentials through phishing or malware.” The company has over 110,000 users, which makes it the largest decentralized market in the world.
Hacker Taking Credit For Inappropriate US Airways Tweet
April 18, 2014 – Earlier this week an inappropriate tweet was sent from the US Airways Twitter account. US Airways has since issued an apology and said one of their employees posted it accidentally. However, a hacker known as breakfast_ is claiming responsibility for hacking the US Airways account and sending the offensive image. The hacker said, “A friend of mine sent me the picture . . . and I told him 'I'm going to work my a** off to hack airlines this week.' Originally, I wanted to tweet it out from the Malaysian Airlines account but I thought better of it and US Airways was the first account I got a hold of.” breakfast_ hacks corporate accounts because he believes the US is becoming an oligarchy, and he feels the country is being controlled by the wealthy. He went on to say, “I'm working actively right now to hack some hardcore republicans. The usual suspects who are talking on Fox News.”
SQL Injection Attacks Hit 65% Of US Organizations
April 17, 2014 – The Ponemon Institute has issued a new study reporting that 65% of US organizations have experienced an SQL Injection attack in the last 12 months. The study included 595 US security practitioners, who also reported that it took an average of 140 days to discover a breach and an additional 68 days to remediate. Only 34% of respondents agreed or strongly agreed that their organization had the technology or tools to detect SQL injection attacks. Fifty-two percent said that they do not test or validate any third party software to ensure it's not vulnerable to SQL Injection attacks. Dr. Larry Ponemon, the founder of the Ponemon Institute, said, “Organizations believe they struggle with SQL Injection vulnerabilities, and almost half of the respondents said the SQL Injection threat facing their organization is very significant.”
Canadian Teen Arrested For Using Heartbleed To Compromise Tax Payer Info
April 17, 2014 – A 19-year-old Canadian man, Stephen Arthuro Solis-Reyes, was arrested by the Royal Canadian Mounted Police (RCMP) for stealing the personal information of 900 Canadian tax payers. The man leveraged the Heartbleed bug to gain access to the data. The RCMP released a statement saying, “It is believed that Solis-Reyes was able to extract private information held by the CRA by exploiting the security vulnerability known as the Heartbleed bug.” Solis-Reyes is charged with mischief and unauthorized use of a computer to steal data from the Canada Revenue Agency's website.
Nigerian Cyber Army Breach And Deface Nigerian Army Site
April 17, 2014 – Members of the Nigerian Cyber Army (NCA) hacking group breached and defaced the Nigerian Army's website. The defacement messages warned the Army that the NCA has returned and they plan on targeting more government sites. The Nigerian Army was able to quickly regain control of the site and delete the defacement messages.
Romanian Arrested For Attempted Hack Of President's Site And Stealing Credit Card Data
April 17, 2014 – Romania's Directorate for Investigating Organized Crime and Terrorism (DIICOT) have arrested a 37-year-old man who they believe attempted to hack into Romania's presidency website. He is also accused of stealing details of over 62,000 credit cards. Authorities say that the man attempted to breach the president's website to access restricted information. Representatives of the Special Telecommunications Service, the organization that administrates the website, have said that the site has never been breached.
LaCie Hacked, Customer Information Leaked
April 16, 2014 – The website of LaCie, the digital storage manufacturer, has been hacked. According to the company they were breached by a piece of malware that stole website transaction information. The compromised information includes user names, passwords, names, addresses, email addresses, credit card numbers and card expiration dates. LaCie has contracted a forensic investigation firm to analyze the breach.
Bulgarian Cryptocurrency Exchange Hit With DDoS
April 16, 2014 – Bulgarian cryptocurrency exchange BTC-e suffered a distributed denial-of-service attack. According to BTC-e the attack happened periodically, but there was nothing significant about it. In a statement the company said, “We don't consider it as an important problem, as there is a workaround to fix it quickly.” The company said this was a minor outage and there was no security breach. At the time of this writing the exchange was up and operating normally.
Connecticut Utilities Penetrated, But Interruptions Prevented
April 16, 2014 – Connecticut state utility regulators reported that electric, natural gas and major water companies and regional distribution systems have been penetrated by cybercriminals, but their defense systems were able to prevent any disruptions. The report from the Public Utilities Regulatory Authority said that security threats are constantly evolving and “becoming more sophisticated and nefarious” and the utilities must constantly improve their defenses to prevent breaches. Governor Dannel Malloy said, “The chance of an attack doing serious damage to the state of Connecticut cannot be taken lightly, and therefore we are stepping up our game in preparation.”
Twitter To Ban Some Turkish Accounts
April 16, 2014 – A senior Turkish government official said that Twitter has agreed to ban several users' accounts at the government's request. Recently the Turkish government had attempted to block the Twitter service in the country, but they were not successful. The block was lifted after a Turkish court ruled that blocking the service violated free speech laws. There has been no official word on how many accounts would be banned. Twitter has not released a statement about this issue.
German Aerospace Center Under Spyware Attack
April 15, 2014 – The German Aerospace Center, Germany's national center for aerospace, energy and transportation research, is being targeted by a coordinated and systematic spyware attack. It is believed that the attack is being conducted by a foreign intelligence agency. The attack is so complex that forensic investigators have not been able to detect the actual malware. Some of the Trojans used are designed to self-destruct when they are discovered. All operating systems at the German Aerospace Center are impacted by this attack.
VFW Breached, 55,000 SSNs Exposed
April 15, 2014 – The Veterans of Foreign Wars website has been breached by hackers believed to be from China. The names, addresses and social security numbers of over 55,000 VFW members were compromised. A letter from the VFW said, “VFW has been informed that the purpose of the attack wasn't identity theft, but rather to gain access to information regarding military plans or contracts.”
National Retail Federation Developing Cybersecurity Program
April 15, 2014 – The National Retail Federation (NRF) is developing a retail and merchant industry information sharing and analysis center designed to assist companies when dealing with cyber threats. The program is being developed with the support of the Financial Services Information Sharing and Analysis Center. The new program will give retailers a central location for cyber security information from government departments, law enforcement agencies, other retailers and financial service organizations.
480,000 Individuals Exposed In UK Cosmetic Surgery Breach
April 15, 2014 – The personal details of 480,000 people have been compromised in a breach of the UK based Harley Medical Group website. The names, addresses and phone numbers of the individuals that entered their information in a form on the website were exposed. No medical or financial information has been exposed. Harley Medical Group representatives said that they took “measures” as soon as they were made aware of the breach.
Flickr Vulnerabilities Discovered
April 14, 2014 – Flickr, the online photo management website, has multiple web application vulnerabilities according to researchers. SQL injection vulnerabilities have been discovered on Flickr Photo Books, a new custom printing feature that was launched 5 months ago. Two parameters have been found that are vulnerable to Blind SQL injections and one vulnerable to Direct SQL injections. A successful SQL attack could allow access to the database and MySQL administrator password. Yahoo, which owns Flickr, said it has now patched the vulnerabilities.
Tunisian Hacker Team Threatens United States
April 14, 2014 – Members of the Tunisian Hackers Team hacking group have posted a new video in which they threaten to target the United States. The new campaign is called TheWeekOfHorror and the goal is to get the United States to remove their military from the “Muhammad lands.” According to the video, the campaign will begin in July 2014. The hackers say they will attack the US's financial industry and computer systems at airports.
Israeli Hackers Identify Individuals Behind OpIsrael
April 14, 2014 – The Israeli hacking group known as Israeli Elite Force is claiming to have identified the individuals behind the OpIsrael hacking campaign. Buddhax, a member of the Israeli Elite Force, has posted files that include the names, email addresses and pictures of sixteen people that are accused of being behind OpIsrael. The individuals are from Indonesia, Malaysia, Portugal, Italy, Finland, Switzerland, Saudi Arabia, the UK and Algeria. Buddhax also posted a message with the information saying, “Next time do not take part in an offensive against Israel. We know who you are, we know where you are. Hail Israel.”
Nine Arrested For Using Zeus Malware To Steal Millions
April 14, 2014 – The US Department of Justice has charged nine alleged cybercriminals with using the Zeus banking malware to steal millions of dollars from banks. The men are charged with defrauding Bank of America, First Federal Savings Bank, First National Bank of Omaha, Key Bank, Salisbury Bank & Trust, Union Bank and Trust and United Bankshares Corporation. All of these banks are insured by the Federal Deposit Insurance Corporation. The defendants are also charged with infecting thousands of business computers with malware that steals passwords, account numbers and other online banking information. The Metropolitan Police Service in the UK, the National Police of the Netherlands' National High Tech Crime Unit and the Security Service of Ukraine are assisting with the investigation.
South Korean Banks Breached, Leads To Data Leaks
April 11, 2014 – According to South Korean authorities, Citibank Korea Inc. and Standard Chartered Bank Korea have been breached. Information belonging to over 50,000 clients has been stolen from the banks. This is the second data leak involving the two banks; in December the personal data of 130,000 customers was leaked. The new data leak apparently does not include any critical information such as credit card numbers or passwords. This new information is being utilized in a phone phishing scheme, where the cybercriminals are attempting to scam the banks' customers into revealing sensitive financial information.
US Government Says Companies Will Not Be Sued For Sharing Cybersecurity Information
April 11, 2014 – The US Justice Department and the Federal Trade Commission issued a formal policy statement, assuring companies the federal government will not bring lawsuits against them for sharing cybersecurity information with each other. There has been concern that sharing cybersecurity information would be in violation of antitrust laws. Antitrust laws are meant to prevent companies from inflating prices and hindering competition. The policy statement says that sharing cybersecurity information such as incident reports or malicious code is unlikely to violate the law. The head of the Justice Department's Antitrust Division said, “As long as companies don't discuss competitive information like pricing and output when sharing cybersecurity information, they're okay.”
Saudi Arabian Ministry Of Health Site Defaced
April 11, 2014 – The hacking group known as the Moroccan Islamic Union-Mail have breached and defaced a website belonging to the Saudi Arabian Ministry of Health. The defacement is in response to Saudi Arabia naming the Muslim Brotherhood a terrorist organization. The defaced site belongs to the Public Administration for Combating Generic and Chronic Diseases. The defacement includes a picture of a group of people holding signs of Mohamed Morsi, the former president of Egypt and a leader within the Muslim Brotherhood. At the time of this writing, the site is still defaced.
Lubbock, TX Cardiology Clinic Breached, Leak Health Records
April 11, 2014 – The Lubbock Cardiology Clinic in Lubbock, TX has issued a notification that their EHR (electronic health records) system was breached and the hackers gained unauthorized access to medical records. According to the notification the breach occurred between December 15, 2013 and January 30, 2014. Over 1,400 medical records were viewed, copied, downloaded and exported. The records included names, addresses, phone numbers and social security numbers. The Clinic says they are, “vigorously seeking answers and recovery of this information.”
IRS Data Security Not Sufficient According To GAO
April 10, 2014 – The Government Accountability Office (GAO) has reported that the Internal Revenue Service (IRS) does not sufficiently monitor its databases for activity that could indicate a breach has occurred. According to the GAO report, for the seventh consecutive year the IRS has not patched security vulnerabilities that could lead to leaks of financial data. GAO Managing Director Nancy Kingsbury wrote in the report, “Serious weaknesses remain that could affect the confidentiality, integrity and availability of financial and sensitive taxpayer data.” IRS officials in a written response to the GAO said they are dedicated to improving data security and look forward to working together to “develop appropriate measures.”
Financial Malware On The Rise According To Report
April 10, 2014 – A recent report shows that the number of cyberattacks involving financial malware increased to 28.4 million in 2013, a 27.6% increase over 2012. The increased use of cryptocurrency is partially responsible for this increase. The most common methods of financial malware are banking Trojans, keyloggers and two new types of malware – the first that breaches Bitcoin wallets and the other that downloads software designed to generate cryptocurrency.
Deltek Breached, Customer Info Leaked
April 10, 2014 – Deltek, an enterprise software and information solutions provider, had its GovWin IQ website breached. The website provides information to assist organizations in winning government business. The hackers accessed customer information including names, billing addresses, telephone numbers, business email addresses, credit card numbers and expiration dates. President and CEO of Deltek, Mike Corkery, issued a statement saying, “We have remedied the security vulnerability that we believe the hacker exploited in order to gain unauthorized access to our GovWin IQ system.” Deltek is working with law enforcement to investigate the incident.
Another Pleads Guilty In Carder.su Cybercrime Ring
April 10, 2014 – Cameron Harrison, one of several individuals charged with being involved in the Carder.su identity theft service has changed his plea from not guilty to guilty. Harrison said he has not been offered a plea agreement from the government. Harrison is accused of purchasing counterfeit identification documents and stolen payment card data from Carder.su members. He is charged with participating in a racketeer influenced corrupt organization, conspiracy to engage in a racketeer influenced corrupt organization and trafficking in the production of false identification documents. The total sentence for all charges could be up to 55 years in prison and a fine of up to $750,000. Over 50 other individuals have been charged in connection with Carder.su, but the heads of the organization have not yet been found.
Bank Of Israel Ids And Passwords Leaked
April 9, 2014 – The hacking group known as Moroccan.Agent.Secret has leaked data that they claim belongs to over 1,800 Bank of Israel customers. The hackers say that the leak is part of OpIsrael, and that the information was obtained when they breached the bank's systems earlier this week. There has been no verification that the information is legitimate. Other hacking groups have claimed to leak information from Israeli sources this week, but it has turned out that the information was old.
Anonymous To Target Educational Institutions
April 9, 2014 – Members of the Anonymous collective have announced the formation of OpSafeEdu. The hackers said that the lack of security on educational websites is a violation of student liberties. The Center for Internet Security (CIS) has issued a warning about a potential increase in attacks on educational institutions in response.
President Of Gabon's Site Taken Down
April 9, 2014 – Members of the Anonymous hacking collective are claiming to have taken down the official website of Ali Bongo Ondimba, the President of Gabon. The distributed denial-of-service attack is part of OpGabon. At the time of this writing the site is back up and operating normally.
Remote Code Execution Flaw On BlackBerry 10
April 9, 2014 – BlackBerry customers have received warnings that a stack-based buffer overflow vulnerability in the qconnDoor service could lead to remote code execution on BlackBerry 10 phones. The qconnDoor service is used to provide shell and remote debugging capabilities. However, if the vulnerability is exploited, an attacker can execute code with superuser rights, or terminate the qconnDoor service. An update has been released to fix the vulnerability.
Russian Crime Syndicate Accused Of High Profile Hacks
April 8, 2014 – U.S. officials say they have identified a Russian crime syndicate as the group responsible for dozens of high profile hacking operations over the last several years. The attacks attributed to the group include Neiman Marcus, 7-Eleven, JetBlue Airways, JC Penney and Visa. The officials say that they have been unable to dismantle the syndicate due to a lack of cooperation from Russian authorities. Richard Clarke, former special adviser for cybersecurity to the Bush administration said, “The FBI has tried to get cooperation, the State Department has asked for help and nothing happens, so law enforcement options under the current circumstances are pretty negligible.” The FBI did issue an advisory to retailers warning that the memory-parsing malware that infects POS systems used in the Neiman Marcus and Target breaches has been connected to over 20 other hacking cases in the last year, and retailers should expect more breaches. The syndicate is believed to be responsible for stealing over 160 million credit card records.
Top Websites Vulnerable To New Heartbleed Vulnerability
April 8, 2014 – Researchers have discovered a new OpenSSL vulnerability that is being referred to as the Heartbleed bug. The Heartbleed bug can be leveraged to intercept private keys, user names, passwords and other private information. According to the researchers several of the top 1,000 Alexa sites are vulnerable to the bug including Yahoo, Imgur, Stackoverflow, Flickr, OKCupid, DuckDuckGo, Eventbrite and several popular adult sites. The researchers were able to detect successful exploitation of the vulnerability by inspecting the sites' network traffic.
April 8, 2014 – Yesterday, hackers launched the second OpIsrael campaign meant to, “wipe Israel from the Internet”, as the AnonGhost hacking group said. Hackers launched attacks against thousands of Israeli sites, most belonging to small businesses. Only a few Israeli government sites suffered outages that lasted only a few minutes. In response to the attacks, Israeli hackers launched counter attacks against several radical Islamist sites and the OpIsrael website. The hackers defaced the OpIsrael site with pro-Israel slogans and links.
Indian Hacker Takes Down Pakistani Terrorist Website
April 8, 2014 – The Indian hacker known as Godziila is claiming to have taken down the Pakistani terrorist group, Tehreek e Taliban Pakistan's (TTP) website. The hacker issued a statement saying, “This website was hosted on a shared server, we found several security flaws and crushed down the website.” TTP is an organization of various militant groups that have been banned and labeled as terrorist organizations by the Pakistani government. Godziila has previously attacked the websites of the Pakistani Army and other political groups.
European Cyber Army Leaks Over 60,000 Account Details From Syrian Sites
April 7, 2014 – A member of the European Cyber Army known as Zer0Pwn is claiming to have leaked over 60,000 account details from two Syrian websites. The leaked information includes names, email ids, passwords, phone numbers and other details. The hacker published the leaked information with the title, “ECA vs. Assad.”
April 7, 2014 – As previously stated by members of Anonymous and AnonGhost, OpIsrael was launched today. This is the second time that the hackers have run this operation against Israel. So far there have been several small business websites in Israel that have been defaced. In addition some government and financial websites have been targeted with distributed denial-of-service attacks. There have also been a number of false hack claims, with hackers publishing old data and claiming to have leaked it from different companies. At this point most of the analyzed “leaked data” appears to either be old or fake.
Kansas Online Student Testing System Suffers DDoS Attack
April 7, 2014 – The Kansas Interactive Testing Engine (KITE), an online student testing system, was hit with a distributed denial-of-service attack. Students who were taking the test during the time of the attack received an error message or a blank screen. Marianne Perie, co-director of the Center for Educational Testing and Evaluation at the University of Kansas said, “We don't know if it was two bored teenagers or an anti-testing attack. We have no information.” State representatives have stated that no student information was accessed. At the time of this writing all systems have been restored and are operating normally.
Leak Of Over 36k Accounts From Hacked Jobs Site
April 7, 2014 – BigMoneyJobs.com, an online jobs website, has been hacked by the hacker known as ProbablyOnion. ProbablyOnion is the hacker responsible for the recent hack of Boxee.tv. After breaching the website, the hacker also leaked information of over 36,000 users. The leaked information includes names, home addresses, phone numbers, emails and clear text passwords. It is believed that an SQL injection vulnerability was leveraged in the attack.
Sabu Sentencing Delayed Again
April 4, 2014 – The sentencing of Hector Xavier Monsegur, formerly known as Sabu - the leader of the LulzSec hacking group, has been delayed for the sixth time. Monsegur was scheduled to be sentenced on April 2nd, but it was postponed until May 8, 2014. Monsegur has been working with the government in finding other hackers. He was originally arrested in June 2011 and has pled guilty to 12 charges. The first sentencing date was scheduled for August 2012.
Arcadia, FL Website Hacked
April 4, 2014 – The official government website for the city of Arcadia, Florida has been hacked. The hackers breached the site and have set up a pop-up advertisement for a video player download. Visitors that clicked on the download were actually downloading either a Trojan or a piece of ransomware. The Arcadia website administrators removed the pop-up as soon as they were notified about the issue.
Israel To Suspend International Traffic
April 4, 2014 – In preparation for OpIsraelBirthday, the Israeli government has announced that they will temporarily block international traffic to some government websites. OpIsraelBirthday is a hacking operation being planned by the AnonGhost hacking group and other pro-Palestinian hackers. The operation is scheduled for April 7, 2014. According to sources the suspension will be in effect from Friday through Monday. In addition Israeli civil servants have been instructed not to open emails from any foreigners.
Anti-Testing Group Website Hacked
April 4, 2014 – The website of United Opt Out National, a nonprofit organization dedicated to eliminating standardized tests, has been hacked. The hack took place last month while the leaders of the organization were attending a conference to discuss strategy to promote their mission. Administrators were not able to access the site and they have since taken the site down. Visitors to the site now are greeted with a message that says, “Our site has been maliciously hacked and destroyed in an act of political sabotage. Please be patient while we rebuild the site, and get our Opt-Out resources back on line.”
NullCrew Hacks Saudi News Org
April 3, 2014 – Members of the NullCrew hacking group have breached the Saudi-owned Al Arabiya news organization. NullCrew claims to have worked with members of The Horsemen of Lulz hacking group to exploit a vulnerability in Al Arabiya's email server and web client software. As a result of the breach the hackers leaked user names and passwords for the mail server. The hackers posted a message saying, “Al Arabiya is the second largest news agency in the Middle East. Considering we've been targeting large media corporations? Well, it falls right into our range; So, without further ado. NullCrew and The Horsemen Of Lulz present to you? The candies.” The hackers claim that they have additional information that they could leak, but have not decided if they will at this time.
Oracle Java Cloud Service Attack Code Posted
April 3, 2014 – Adam Gowdiak, a Polish security researcher, has posted the technical details and attack code for several security vulnerabilities that affect Oracle's Java Cloud Service. Some of the vulnerabilities could allow a cybercriminal to remotely attack applications hosted in the service's data centers. The vulnerabilities affect customers in Java Cloud's US and EMEA data centers. Gowdiak said he published the information because Oracle stopped corresponding with him about the vulnerabilities. Oracle has not issued a statement at this time.
Egyptian Armed Forces Training Authority Defaced
April 3, 2014 – The hacker known as YMH is claiming to have breached and defaced the Egyptian Armed Forces Training Authority website. The defacement message was left in Arabic, translated to English it says, “Owned by YMH! We don't know with whom to fight, el Sisi or the Muslim Brotherhood, leave all the politics behind and enjoy yourselves a little with the tea of Om Hasan.” YMH has previously claimed to hack the sites of the Tourist Development Authority of Egypt and the Military Technical College of Egypt.
ISPs Suffering From DNS DDoS Attacks
April 3, 2014 – New research has discovered that ISPs have become increasingly vulnerable to DNS amplification distributed denial-of-service attacks due to the millions of home routers that have open DNS proxies. In February 2014 alone, over 5.3 million home routers were used to generate DDoS attacks. In one specific attack over 70% of the ISP's DNS traffic was associated with an amplification DDoS attack. The researchers conclude that due to this built-in vulnerability in DNS proxies, ISPs can be victimized even if they follow normal best practices to protect their networks.
Samsung's Boxee.tv Hacked
April 2, 2014 – Web based television service company Boxee.tv has been hacked and customer data has been leaked. The cybercriminals posted private information belonging to 158,000 of Boxee.tv's clients. The breach includes almost 800 Mb of data stolen from the company's forum. Over 158,000 user accounts were compromised, exposing password hashes, user IPs, dates of birth and user messages sent through the service.
WinRAR Files Allow Spoofing Vulnerability
April 2, 2014 – Israeli researchers have discovered a WinRAR file extension spoofing vulnerability, which can assist hackers in the delivery of malware. The file spoofing allows hackers to modify the filenames and to bind malignant code in the archive, disguising it as '.jpg', '.txt' or another format. Researchers have also found Zeus like Trojans attached to the files. Users are advised to use alternate archive software and avoid opening archives with passwords.
Liquor Store Chain Suffers Data Breach
April 2, 2014 – Spec's, a Texas liquor store chain, suffered a breach of the systems of 34 stores for a total of 17 months. The cybercriminals had access to customer credit and debit card numbers, expiration dates and security codes. They also obtained driver's license numbers, check information, bank account and routing numbers and birth dates. The company stated that fewer than 550,000 customers and Spec's employees were impacted. Spec's released a statement saying, “Thankfully, most of our customers were not affected. While it is a relief that fewer than 5% of our total transactions may have been impacted, that in no way diminishes our great concern for those affected.” Spec's advised their customers to place a fraud alert on their files with major credit card holders.
April 2, 2014 – Members of the Anonymous collective have issued a new statement with a list of new demands for OpAlbuquerque. Operation Albuquerque is a response to the police shooting of a homeless man in March. The hacktivists' statement said, “We are here in solidarity with the Albuquerque's citizens and to help bring justice that is long overdue. . . We call upon you to hold the appropriate authorities accountable . . .” The demands include the US Department of Justice taking over the Albuquerque Police Department, 'authentic and verified citizen oversight of APD', the immediate arrest of the officers involved in the shooting, the termination of the Police Chief and the indictment of all officers who violate citizens' rights. OpAlbuquerque has so far included the distributed denial-of-service attacks against the APD and City of Albuquerque websites. The Anonymous members are also planning a Twitter storm for today.
DDoS Attack On Mad Mimi
April 1, 2014 – Email marketing service company Mad Mimi was hit with a distributed denial of service attack from an attacker using the name Mark Nds. In order for the attacks to stop, the cybercriminal demanded to be paid 1.8 bitcoin (which is worth less than $1,000) in 24 hours. The marketing company has refused to make payment, saying, “Blackmail and extortion don’t stop with acquiescence – it only encourages further attacks. As such, we’ve decided to not play along.” At this time Mad Mimi is working with law enforcement to find a solution.
Kuwait's Ministry Of Interior Hacked
April 1, 2014 – Two hackers known as Shmook Amer and Dr. Hjd are claiming to have hacked the website of Kuwait's Ministry of Interior. The message left by the hackers was a plea to Middle Eastern countries to join forces and take military action on the crisis in Syria. The hackers left a message on the defaced page in Arabic saying, “We need actions because they are louder than words.” At the time of this writing the website has been restored.
China Reports That US Is Responsible For Most Cyberattacks Against China
April 1, 2014 – According to a recent report released by China's Computer Emergency Response Team (CNCERT), most cyber attacks on China's computers are coming from the United States. The CNCERT report shows that the US is responsible for attacks on 30% of Asia's computers each year. According to the report, Anonymous hackers are responsible for breaching over 600 of China's government computer systems and malware tripled in 2013 because of the US based attacks. The Chinese agency claims they have the data to prove these claims against the US.
DeadMau5 Twitter And Facebook Accounts Hacked By Anonymous
April 1, 2014 – Earlier today, members of the Anonymous collective hacked the Twitter and Facebook accounts of music producer Joel Zimmerman, also known as DeadMau5. Several messages were posted on Zimmerman's Twitter account before it was recovered. After also hacking the entertainer's Facebook account, a message was posted that said, “Way to use the same password.” After a few hours Zimmerman was able to recover the accounts. No reason was given as to why the hackers targeted Zimmerman.
Chinese Embassy In Moscow Hacked
March 31, 2014 – Members of the Russian Cyber Command hacking group are claiming to have breached the Chinese Embassy in Moscow. The hackers have leaked information from Ukrainian telecom company Intertelecom. The leaked information includes data of over 100,000 customers. The hackers say this is the first leak in a series of seven. The hackers say that they obtained the information from the Chinese Embassy in Moscow after installing a Remote Access Trojan. The fact that Intertelecom's information was stored at the Chinese Embassy is seen as proof by the hackers that the Russian and Chinese governments are working together to spy on Ukraine.
Albuquerque Police Department Website Hacked
March 31, 2014 – As we reported last week, members of the Anonymous collective published a statement threatening the City of Albuquerque and the Albuquerque Police Department after the shooting of a homeless man on March 16. Today, the Albuquerque Police Department website has been taken down by hacktivists. Authorities told The Associated Press that the source of the attack is not known. City officials had said they enhanced their website security, but the site was still taken down despite these efforts.
Smart Cars Can Be Hacked
March 31, 2014 – New research carried out on the Tesla Smart car has proven that hackers are able to remotely locate and unlock the Tesla Motors electric vehicles by cracking a six character password using traditional hacking techniques. Researchers have reported that by using a tool kit called Can Hacking Tool (CHT) hackers can breach the smart cars, giving the attacker entire control of the car. When the customer purchases the smart car they are required to sign up for the Tesla smart phone app which controls the vehicle. The password is vulnerable to several kinds of attacks similar to those used to gain access to a computer or online account. Tesla spokesperson Patrick Jones declined to comment on it, though he said the research is being carefully reviewed by the car makers.
Pakistani Consulate Website Hacked In Protest
March 31, 2014 – Hasnain Haxor, a Pakistani hacker, is claiming to have hacked and defaced the official website of the Pakistani consulate in Jeddah. The hacker left the website defaced, along with messages written in Urdu and English on the home screen. The messages spoke about protesting against the ongoing corruption in Pakistan. The hacker stated, “Pakistan Haxors Crew is here to remind you of your security. Our fight is not against any individual but the system as a whole. Should you choose to ignore security, it will reincarnate as your worst nightmare! We just defaced your website to give you a chance to put your hands on it before others come and destroy it!” At this time the website has been restored and is currently operating normally.
RedHack Attacks Turkey's Telecommunications Directorate Site
March 28, 2014 – Members of the RedHack hacking group attacked Turkey's Telecommunications Directorate (TIB) website. The attack was in response to Turkey's attempt to ban YouTube and Twitter. The hackers posted a message saying, “You forgot the coordinator of everything while calculating things. The ban is meant to be banned.” YouTube was blocked after a recording of top security officials discussing possible military operations in Syria was leaked. Prime Minister Tayyip Erdogan has said the leak is just another attempt to discredit him before the upcoming elections.
Anonymous Threatens Albuquerque Police Department
March 28, 2014 – Members of the Anonymous collective have threatened to crash the Albuquerque Police Department's (APD) website in response to the shooting of a homeless man. The hacktivists posted a message saying, “Whether this man had a history of crime is irrelevant. We drastically need to address the growing police state that has occupied our country.” Albuquerque City Attorney Rob Perry stated, “We respect this group. They have an ability to get into highly, federally protected computer systems ... and we're going to do what we can to guard against the problem.”
Monster Job Website Targeted With Gameover Zeus Malware
March 28, 2014 – Cybercriminals are reportedly targeting companies that use the services of Monster.com with a new variant of the Gameover malware. The Gameover malware infection is similar to the Zeus banking malware, whose source code was leaked in 2011. The malware steals log-in information and other sensitive information by injecting false web forms into legitimate websites when accessed from infected computers. In the second phase of the attack, the hacker obtains your sensitive information and uses it to conduct fake security checks. Security experts are warning that users should “be wary of any irregularities. If the account is potentially tied to a bank account and a spending budget, it's a target for banking Trojans.”
Chinese Authorities Detain People Allegedly Involved In Spam Operation
March 28, 2014 – Chinese officials have arrested 1,530 individuals involved in a mobile spamming operation. Authorities have also seized 2,600 devices used for spamming and shut down 24 websites that sell spam distribution equipment. Departments within the Chinese government have been targeting people involved in the manufacturing, selling and purchasing of unlicensed telecommunications stations. One of the groups arrested is charged with sending more than 200 million spam messages.
Report: 30 Million New Malware Variants In 2013
March 27, 2014 – A new report has been released showing that 30 million new malware variants were created in 2013. Over 30% of the computers in the world were found to be infected with malware. The Android platform was the primary target for malware. There were four major categories of malware with Trojan malware accounting for 78.97% of infections. Worms (6.89%), Viruses (5.83%) and Adware/Spyware accounted for most of the remaining infections. The most infected countries were China, Turkey, Uruguay, Chile, Spain and Colombia.
New CoinKrypt Malware Targeting Mobile Phones
March 27, 2014 – Researchers have discovered several new variants of the CoinKrypt malware. CoinKrypt is designed to hijack mobile devices and turn them into digital currency mining bots. The malware is not stealing information from the infected devices, but it is using their resources and data plans to mine for digital currency. CoinKrypt is targeting Litecoin, Dogecoin and Casinocoin; it has not yet been seen targeting Bitcoin.
Over 275 DDoS Attacks Every Hour According To Report
March 27, 2014 – A recent study on distributed denial-of-service attacks is claiming that there are over 275 DDoS attacks against major corporations around the world occurring every hour. According to the study these attacks are frequently being used to hide APT attacks. DDoS amplification attacks are also rising, and continue to be a major challenge for businesses. In the month of February amplification attacks were seen to rise 371%. The study was based on analysis of attacks in Tier-1 and Tier-2 data centers operated by ISPs and major corporations throughout 2013.
South Korean Search Portal Breached
March 27, 2014 – Naver, South Korea's largest Web portal, suffered a breach which resulted in 25 million accounts being compromised. The Asian National Police Agency arrested a 31-year-old South Korean man, referred to as Seo, on charges of infiltrating and hacking the accounts. The allegations say that the man purchased the user information from another hacker several months ago. Seo is accused of using the stolen information to breach the accounts of Naver users and sending out spam messages and other “illicit emails” to the account holders. A Naver representative said, “The best preventive measure for now would be for users to change their passwords on a regular basis so that even if someone should access their accounts the impact would be minimal.”
WordPress Major Source Of Malware Distribution
March 26, 2014 – Security researchers have issued a report showing that sites running the WordPress software are a major source for malware distribution. The report points out that in many instances the fault for the security issues lies with the site administrators, who do not keep WordPress updated. Only recent versions of WordPress have auto updating features, but even this requires the web server process have access to the WordPress program files. In addition, insecure plugins lead to many blog breaches and attacks on blog visitors according to the report.
Israeli Defense Magazine Forum Hacked
March 26, 2014 – It is being reported that Muslim hackers are suspected of having breached the Israel Defense Magazine website and customer database. The customer database is believed to have been used to launch an SMS attack on Israelis. Hundreds of Israelis, including many journalists, received texts warning that Hamas was going to conquer Israel. Other messages said they were "a warning to the Zionists, the al-Qassam rockets are waiting for you." In addition, an email that appeared to come from Israel Defense was sent to its subscribers warning that Israelis will be sent to hell if they think of reoccupying Gaza.
Ethiopian Government Accused Of Spying On Opponents
March 26, 2014 – A human rights watch group has accused the Ethiopian government of importing technology to spy on the phones and computers of its opponents. The group claims that the government is using the technology from European and Chinese firms to attempt to silence dissent. Ethiopian Information Minister Redwan Hussein said, "There is nothing new to respond to," when asked about the accusations. All phones and Internet connections in Ethiopia are provided by a state-owned company, giving the government the ability to monitor communications.
AnonGhost Planning OpIsraelBirthday
March 26, 2014 – Members of the AnonGhost hacking group have announced plans for OpIsraelBirthday. The operation will take place on April 7, 2014, the one year anniversary of the original OpIsrael. Last year's operation did not have any major impact on Israel, although the hackers say they hacked over 1 million Facebook accounts of Israelis and over 7,000 Israeli websites to date. AnonGhost is the group behind other hacking operations, such as OpPetrol and OpUSA.
Anonymous Ukraine Leaks Millions Of Credit Cards
March 25, 2014 – Members of the Anonymous Ukraine hacking collective have posted over 7 million credit card numbers on the Internet. The hackers posted a message with the data saying, “Today we publish the first part of our exposure of the international financial system Visa, MC, Discover & Amex, enslaved people around the world. More than 800 million credit cards. Over a trillion dollars.” While the hackers claim over 800 million cards, only slightly over 7 million cards have been released. Of those released, about 4,000 have full user data including social security number, credit card, card expiry, name, pins, dates of birth and zip codes. The other data appears to have valid credit card numbers, bank routing numbers and full names, but does not contain the credit card CCV or card expiry dates. The majority of the cards come from United States based banks.
Basecamp Suffers DDoS Attack
March 25, 2014 – Basecamp, the project management tool, has been hit with a distributed denial-of-service attack. The hackers claiming responsibility have contacted Basecamp and are demanding payment in exchange for stopping the attack. Representatives of the company have said they “will not succumb to blackmail.” It is believed that the hackers are the same ones that attacked Fotolia.com last week. Basecamp issued a statement saying, “We're doing everything we can with the help of our network providers to mitigate this attack and halt the interruption of service. We're also contacting law enforcement to track down the criminals responsible.”
Microsoft Word Vulnerability Exploited In Targeted Attacks
March 25, 2014 – A remote code execution vulnerability is being actively exploited in targeted attacks against Microsoft Word 2010. The vulnerability allows remote code execution when a user opens a maliciously crafted RTF file using Word 2010, or previews or opens an RTF email message in Microsoft Outlook while using Word as the email viewer. An attacker who successfully exploits the vulnerability could gain the user's rights. Microsoft is working to fix the vulnerability, but suggests that users disable opening RTF content in Word in the meantime.
Anonymous Plans April Attacks On South Korean Government
March 25, 2014 – Members of the Anonymous collective have issued a statement warning of attacks against South Korean government websites on April 14. The hacktivists are blaming the government for wasting taxpayers' money, distorting the media and suppressing its citizens. An official from the South Korean Ministry of Science, ICT and Future Planning said, “The ministry is working with the intelligence and other government to work out countermeasures as Anonymous has a track record of making actual hacking after warning.”
NSA Accused Of Stealing Huawei Source Code
March 24, 2014 – Several sources are reporting that the National Security Agency conducted an offensive cyber operation against Huawei, the Chinese networking company, in 2009. In the operation, known as Operation Shotgiant, the NSA worked with the CIA, the White House intelligence coordinator and the FBI to find an association between Huawei and China's People's Liberation Army. According to reports, the NSA stole the source code for certain Huawei products, and learned how to exploit the products in order to conduct surveillance on foreign customers. The NSA is accused of spying on former Chinese President Hu Jintao, the Chinese trade ministry, banks and telecom firms, and of tracking more than 20 Chinese hacking groups, including some which were Chinese Army and Navy units.
Anonymous Takes Down Monsanto Brazil Site
March 24, 2014 – Members of the Anonymous collective conducted a distributed denial-of-service attack against the Monsanto Brazil website yesterday. As a result the website has been unavailable. Monsanto has been a frequent target for the hacktivist community. This attack was specifically protesting the use of GE Trees, which the hacktivists claim poisons land and displaces communities in Latin America. At the time of this writing the website is still down.
Android Flaw Leaves Billions Of Devices Open To Infection
March 24, 2014 – Security researchers have discovered new Android vulnerabilities that allow privilege escalation attacks because of weaknesses in its Package Management Service (PMS). These new vulnerabilities put over one billion Android devices at risk of malware infection. The researchers are calling these flaws “Pileup flaws”. Six different vulnerabilities have been discovered within the Android PMS. All of the flaws have been reported to Google. At this time only one has been fixed.
Hackers Take Down Egyptian State Information Service Site
March 24, 2014 – The hacker group known as IzzahHackers are claiming to have taken down the Egyptian State Information Service website. The hackers refer to the website as the government's propaganda service. They also refer to Deputy Prime Minister of Egypt, Abdel Fattah el-Sisi, as the Egyptian Hitler. Other hackers are calling on the IzzahHackers to take down additional websites.
SEA Leaks Microsoft Invoices To FBI
March 21, 2014 – The Syrian Electronic Army (SEA) has leaked copies of invoices from Microsoft to the FBI's Digital Intercept Technology Unit (DITU). The hackers see this as evidence that Microsoft is selling user information to the government. The invoices detail the amount charged for each request for data. SEA says they accessed the invoices by compromising DITU. The invoices were from December 2012, August 2013 and November 2013. The last invoice was for $281,000.
HootSuite Hit With DDoS Attack
March 21, 2014 – The social media management tool HootSuite was hit with a distributed denial-of-service attack. Ryan Holmes, CEO of HootSuite, sent an email to customers saying, "HootSuite services experienced downtime, which might have impacted you or your organization. . . We experienced what's known as a denial of service attack (DoS). I’m writing today to let you know that the HootSuite Engineering and Security teams are working to mitigate the DoS attack and that there are no inherent security risks to your accounts, nor has any customer data been compromised." At the time of this writing the site is back up and operating normally.
Turkish Government Blocks Twitter
March 21, 2014 – The Turkish government has blocked access to Twitter, just days prior to local elections. Turkey's Prime Minister, Recep Tayyip Erdogan, had threatened to "root out" Twitter after wiretapped recordings showing evidence of corruption within his administration had been leaked. Officially, Twitter was blocked due to its failure to follow four court orders. BTK, a Turkish telecom watchgroup, said that Twitter was blocked after complaints were made by citizens that Twitter was breaching privacy. BTK issued a statement saying, "Because there was no other choice, access to Twitter was blocked in line with court decisions to avoid the possible future victimization of citizens." Twitter has made no formal statement, but did post a message advising people that they could still post messages to the platform by using mobile phone text messaging. Erdogan's office issued a statement saying, "If Twitter officials insist on not implementing court orders and rules of law ... there will be no other option but to prevent access to Twitter to help satisfy our citizens' grievances." The ban quickly caused an uproar among Turkish users, and they have quickly come up with ways to bypass the block, including using the text messaging suggested by Twitter and using VPNs. Online activists have been comparing this action by the Turkish government to those of the Iranian and North Korean governments. In addition, some of the activists are trying to organize physical protests in Turkey.
Poland's Military Strengthening Cybersecurity Through Universities
March 21, 2014 – Poland's Ministry of Defense has signed an agreement with three universities to bring in research collaborations in the areas of mathematical and information technology. The agreement will bring the National Cryptology Center, Poland's cryptography and cyberwarfare military branch, together with the University of Warsaw, the Technical University of Warsaw and the Technical University of Wroclaw with the goal of arming itself with the technical knowledge necessary for increased cyberwar capabilities. The first goal of the program is to increase Poland's cryptography capabilities. The National Cryptology Center's director, Piotr Markowski, said, "The cryptographic security of information should not depend on algorithms to which a country does not have full rights. The ability to secure its information with its own algorithms shows the power of a country."
Australian Arrested In Connection With US Gaming Company Hack
March 20, 2014 – A 21-year-old man from Kingaroy, Australia has been arrested by Australia's Queensland Police Service and charged with fraud and hacking related offenses. The suspect and the company he attacked were not named, but he is suspected of hacking the systems of a US-based online gaming company. Detective Superintendent Brian Hay of the Fraud and Cyber Crime Group said, "We would like to acknowledge the assistance of the FBI and the US based gaming company for their assistance in bringing this investigation to a successful close." The man has been charged with three counts of computer hacking and misuse, and five counts of fraud, including dishonestly obtaining property from another, dishonestly applying property to own use, dishonestly causing detriment and possessing equipment for the purpose of committing or facilitating the commission of an offense. He is scheduled to appear in court on April 8.
New Variant Of Zeus Malware Discovered
March 20, 2014 – Researchers have discovered a new variant of the Zeus malware. This new variant is unique in that it is not designed to steal sensitive information; rather, it is designed to load clickbots. The TROJ_ZCLICK.A variant displays arbitrary websites on infected computers. Once opened by the threat, the sites occupy the entire screen, preventing users from opening other windows or files. New websites are opened every time the victim performs an activity like opening a window or a file. If the user doesn't take any action the malware will take control of the mouse. The malware is designed to generate income for its masters through pay-per-click activities. The only way to return to the desktop is by pressing the Windows key + D. Even when this is done, the sites will continue to run in the background.
Another Bitcoin Exchange Hacked
March 20, 2014 – It is being reported that another Bitcoin exchange, CoinEX.pw has been hacked. A representative of CoinEX.pw posted a message saying, "Yes, our wallet server got hacked and all funds were withdrawn . . . we're covering this from our own pockets." Since the exchange has gone down, the site's administrator has deleted his Twitter and Github accounts. CoinEX.pw has not issued any further statements at this time.
Cryptocurrency Mining Linux Worm Found
March 20, 2014 – A new variant of a Linux worm that infects Internet enabled devices, including security cameras, routers, set-top boxes, printers and industrial control systems running Linux, has been found by security researchers. This worm infects computers running Intel x86 architectures, but can also infect devices running MIPS, ARM and PowerPC architectures. Once the malware is installed on a device it downloads open source mining software. Through the end of last month, the worm had stolen over 42,000 Dogecoins and 282 Mincoins. Researchers believe it focuses on Dogecoins and Mincoins, instead of Bitcoins, because they can be mined from home PCs. The areas most affected by the worm are China, the United States, South Korea, Taiwan and India.
Hacked EA Games Site Hosting Apple Phishing Page
March 19, 2014 – A hacked EA Games webserver has been found to be hosting a phishing page which attempts to steal Apple IDs. Hackers broke into the EA subdomain by exploiting vulnerabilities in an outdated version of a web calendar application. The phishing page is designed to trick visitors into providing their login information for the Apple website. Investigators are still trying to determine if the hackers accessed any internal servers or other information.
March 19, 2014 – The Moroccan hacker known as Diabl0 has been arrested in Thailand. Diabl0 is Farid Essebar, a 27-year-old Moroccan with Russian citizenship. Essebar is being accused in Switzerland of hacking into the systems of several banks and causing damage estimated at $4 billion. Essebar has previously been accused of creating the Zotob worm, which infected computers at CNN, ABC News, NY Times, Boeing and the US Department of Homeland Security.
Botnet That Infected 25,000 UNIX Servers Found
March 19, 2014 – Researchers have discovered a malware campaign in which over 25,000 UNIX servers have been infected and abused over the past two years. The infected servers were used to send out 35 million spam emails a day. At that rate almost 500,000 computers were at risk of being infected each day. Most of the infected servers are in the United States, Germany, France and the UK. Experts say that infected devices should be wiped and the operating system and software should be reinstalled.
Three Charged In Attempt To Hack Pentagon Payroll
March 19, 2014 – Three men have been indicted for attempting to hack into the Department of Defense's payroll service and customer accounts at 14 different financial institutions. If successful, the hackers would have stolen at least $15 million. The US Attorney's office has charged two men from Kiev, Ukraine and a third from New York, with conspiracy to commit wire fraud, conspiracy to commit access device fraud and identity theft and aggravated identity theft. The New Yorker is in custody, while both Ukrainians are currently fugitives. The men face a maximum sentence of 27 years.
Vulnerability In Paypal Subsidiary Allows Internal Network Access
March 18, 2014 – Researchers have discovered a critical Server Side Request Forgery (SSRF) vulnerability in the website for Paypal subsidiary, Bill Me Later. The vulnerability was found in the merchants.billmelater.com subdomain. A hacker could send a request to any internal network through Bill Me Later's API and get a response. Researchers were able to query internal databases without being required to enter login credentials. Paypal has partially corrected the vulnerability by restricting the API's ability to access the internal servers. However, it can still act as a proxy to view other hosts.
Hackers Deface Multi-Hazard Early Warning System Site
March 18, 2014 – The Indonesian hacking group known as Black Angels has breached and defaced the Regional Integrated Multi-Hazard Early Warning System for Africa and Asia (RIMES) website. The defacement message reads, "Initiating System! System loaded, Your web server needs security! Security system owned by Black Angels." RIMES is an international group that generates early warning information for its member states. At the time of this writing, the site is still displaying the defacement.
Russian Cyber Command Hackers Leak Investment Fund President Personal Info
March 18, 2014 – Members of the Russian Cyber Command (Rucyborg) hacking group have leaked personal information belonging to Alexandr Bagnuk, the President of the Russian Industrial Investment Fund, a semi-governmental investment company. The hackers are claiming to have stolen information from Bagnuk's personal computer, including information on "critical Russian business operations and shadow banking." Along with the stolen information, the hackers posted a message saying, "Today we aren’t going to say much, since we aint got nothing to say pretty much, except that Putin has lost his mind. Russian Industrial Investment Fund is one of the biggest Russian ‘non-profit’ as they declare organization but they attract investments into Russian economy."
Toyota, Chevrolet and Renault's Guatemalan Sites Defaced
March 18, 2014 – The Pakistani hacking group known as Team Cyber Criminals have breached and defaced the Guatemalan sites of Toyota, Chevrolet and Renault. The three websites seem to have been developed by the same company, leading experts to believe that the sites share a common vulnerability. The hackers left a message saying, "Hacked by Algeriano. TOYOTA & RENAULT & CHEVROLET Guatemala hacked. Cyber Criminals Was Here." There was no reason given by the hackers as to why these sites were targeted. At the time of this writing the sites have been restored and are operating normally.
Google's Public DNS Hijacked
March 17, 2014 – Yesterday, Google's public DNS service was hijacked for 22 minutes, affecting networks in Brazil and Venezuela. It appears that the traffic was redirected to BT Latin America's network. Approximately 70 million IP addresses use the DNS service, accounting for about 130 - 150 billion queries a day. At this time it is not known who was behind the attack.
SEA Attacks US CENTCOM And Syrian National Coalition Site
March 17, 2014 – The Syrian Electronic Army (SEA) is claiming that they have penetrated the systems of the US Central Command (CENTCOM). SEA has provided information that shows they have accessed some Army Knowledge Online servers. The information that they released appears to be unclassified and CENTCOM is denying that their systems have been breached. In addition, SEA has hacked and defaced the National Coalition for Syrian Revolutionary and Opposition Forces (also known as the Syrian National Coalition) website. The Syrian National Coalition is made up of opposition groups that focus on replacing Bashar al-Assad and his government.
Ukrainian Hackers Target NATO Sites
March 17, 2014 – The Ukrainian hacking group known as Cyber Berkut are claiming responsibility for the downtime of three NATO websites. The sites that suffered the distributed denial-of-service attacks are nato.int, the NATO Parliamentary Assembly and the NATO Cooperative Cyber Defense Center of Excellence. NATO representatives have confirmed that the sites were the target of a "significant DDoS attack." The representative added that no NATO data or system was affected by the attack. The hackers say they launched the attack because they don't want NATO to interfere in Ukraine.
Polish Bitcoin Exchange Hacked
March 17, 2014 – Bitcurex, Poland's largest bitcoin exchange, temporarily shut down its site due to a hacking attack that targeted users' funds. Bitcurex posted a statement online saying that due "to an error and ongoing maintenance work (Bitcurex) has decided to temporarily shut down service." The temporary closing of the site will allow Bitcurex's IT team to "perform a necessary verification." The statement continued, "We successfully blocked a hacking attack . . . preventing mass theft of BTC funds of our users. Thanks to automatic safety procedures, hackers managed to defraud only a portion of the funds stored in operational Hot Wallet Bitcurex. The majority of funds from Hot Wallet, as well the entirety of funds from Cold Wallet and FIAT monetary funds remained intact." The total amount that was stolen has not been disclosed at this time.
UK Supermarket Giant Morrisons Suffers Financial Data Breach
March 14, 2014 – The fourth largest supermarket chain in the United Kingdom, Morrisons, reported that a list of personal information – including names, addresses and banking payroll data – has been stolen. The information on all of its employees was posted on an unnamed website and was available for hours until the company could take it down. The company is in the process of analyzing the threat, but believes it came from an internal actor rather than an outside cyber-criminal. Morrisons has promised to support all employees with financial and personal identity security, although it is still in the planning process of how to do this.
Russian Government Blocks Anti-Putin Sites, Hackers Retaliate
March 14, 2014 – The Russian government has blocked access to several websites that have in the past been highly critical of President Putin and his coalition. One site included the blog of Alexei Navalny, an outspoken opponent of Putin and a vocal anti-corruption advocate. Russia claims the websites were blocked because they promote crime, releasing a statement that read “[t]hese sites contain incitement to illegal activity and participation in public events in violation of the established order.” Critics have argued that the blocks are deliberate censorship of legitimate anti-Putin sentiment. In response, several hackers have defaced or attacked government and other websites, including that of the Russian central bank. Others have posted public information on how to bypass the new blocks.
Google Begins To Encrypt Search Terms In Mainland China
March 14, 2014 – Google is taking steps to encrypt all searches on its search engine within China, mirroring actions it has taken in the United States and several other countries. Google retreated from much of the mainland in 2010 following revelations that its servers had been hacked by China and increased requests to censor content. The company currently headquarters its Chinese efforts in Hong Kong and commands only 5-10% of the market share. Google has begun to offer encrypted searches around the world, with the service now automatic in the United States, and believes it will allow Chinese users to search any topic, regardless of Chinese spying or filtering. The majority of Google users in China are believed to be tech-savvy, however, and are largely believed to know how to bypass Chinese censorship anyway. China has not commented on Google's initiative.
Target Was Alerted To, But Ignored, Warnings Of Massive Data Theft
March 14, 2014 – New reports show that Target, which suffered a data breach of over 40 million customers' cards during the peak of the holiday shopping season, was receiving alerts about active malware in its system and about suspicious activity but ignored them. The prolonged breach now seems to have occurred, in part, because of security operational failure. Target, which reportedly moved to a new security system just 6 months prior, ignored many of the alerts because of a combination of mistrusting the new software and believing the alerts to be false alarms. In addition, outsourced system monitors in Bangalore failed to connect with Target's security team in the United States, slowing down the company's response to the threat.
EC-Council Reports Hackers Gained Access To Member E-mails
March 13, 2014 – EC-Council, a US-based ethical-hacker certification organization, reports that hackers gained access to its e-mail system, hosted by a third party. The breach, although only compromising 2% of user e-mails, would have exposed any private conversation using the address for a short amount of time. EC-Council is still investigating the attack, though it claims it has identified the vulnerability and addressed it. No credit-card or financial information has been made vulnerable.
Agent.btz Believed To Be Possible Ancestor Of Recently Discovered Espionage Campaigns
March 13, 2014 – Several recently discovered cyber-espionage campaigns that targeted government computers and defense networks may have a common origin in Agent.btz, a malware program discovered in 2008 that forced the US Department of Defense to ban USB drives. Both the Red October campaign, first reported in 2013, and the 'Snake' campaign discovered this month share coding similarities with the Agent.btz program. All three campaigns, including the also recently discovered Uroburos malware component of the Snake campaign, seemed to specifically target government, defense and diplomatic institutions. In addition, all three programs seem to have been written by Russian-speaking programmers, and the malware within the Snake campaign shares extensive logging and other similarities with Agent.btz. While researchers are not ready to confirm that all three attacks have been orchestrated by the same group, some believe it is likely that Agent.btz at least inspired the other campaigns, especially after much of the code of Agent.btz was released to the public, providing at least a partial blueprint for future attacks.
North Dakota University System Has 290,000 Personal-Information Records Stolen
March 13, 2014 – The North Dakota University System discovered that its servers had been breached sometime in October and that over 290,000 files containing identification information – including social security numbers – of students, applicants and employees were stolen. The university is unsure if the hackers took advantage of the information, as it appears the primary purpose of the attack was to leverage the system's processing power to attack other sites. It is possible they did not know the files were even present, according to a statement from the school, but it is still offering free identity protection services for a year.
Nigerian Electronic Army Defaces Popular Reddit Pages
March 13, 2014 – A group going by the name 'Nigerian Electronic Army' claimed responsibility for a series of defacements on popular Reddit pages on gaming, technology and general interests. Reddit reported that each attack was carried out by successfully logging into various Moderator accounts with just one password try, suggesting there is an accurate password list somewhere on the Internet. Reddit is uncertain how the list was gathered but urged all moderators to create stronger, unique passwords for their accounts. The Nigerian Electronic Army is attempting to sell the information to carry out similar attacks for one bitcoin on its Twitter page, which was created on Monday.
NSA Nominee Talks Cyberwar Units
March 12, 2014 – President Obama's nominee to head the National Security Agency, Vice Admiral Michael Rogers, told the Senate Armed Services Committee that cyberwar combat units would help counter the perception that the United States is "an easier mark" for cyberattacks because it did not "have the will to respond." The plan is for all major combat commands in the US military to have dedicated forces to conduct cyberattacks. The Senate committee still must approve Rogers' appointment as the head of the NSA and the US Cyber Command. Rogers testified that the United States has seen evidence of cyberattacks on the new government in Ukraine, but would not say if he believed the Russian government was behind the attacks. Rogers said, "Clearly, cyber will be an element of almost any crisis we're going to see in the future." He also said that the Defense Department systems were vulnerable to major attacks, and would be until a new architecture was implemented. Rogers committed to making the NSA's activities more transparent and said he would "assure a sense of accountability" for their activities.
Harvard Law National Security Journal Site Breached
March 12, 2014 – The Harvard Law School National Security Journal website has been breached. The hackers injected links to various rogue pharmacies into the website. This allows the hackers to optimize the rogue sites by creating backlinks to them, a common mal-intended SEO tactic. The hidden links have been inserted into almost every sentence of the site's source code. Further research shows that these same links have been injected into at least 300 other websites. There has been no comment made by the Harvard Law National Security Journal at this time.
Data Leaked From Russian IT Security Firm
March 12, 2014 – Members of the hacking group known as Russian Cyber Command have leaked data they claim was accessed by compromising SearchInform. SearchInform is a Russian IT security company that offers solutions for employee monitoring and data protection. The hackers say they gained access to SearchInform's systems and used that access to compromise their support system, allowing them to access the servers of the company's customers. The hackers claim that SearchInform is a "top Russian spy company." "Tonight we deliver a devastating blow into Putin regime by annihilating his TOP IT market leader – the FSB company that is in control of main Russian infrastructure companies," a representative of the hacking group said. The data leaked contained over 3,000 files that included emails, databases, source code, software and various types of documents. The hackers said their next target is Veles Capital, which is the main investor in Russian Crimea.
Adviser To Turkish Prime Minister Has Twitter Account Hacked
March 12, 2014 – The official Twitter account of Mustafa Varank, a top adviser to Turkish Prime Minister Recep Tayyip Erdogan, has been hacked by a Turkish hacking group. The hackers posted messages from the account about supporting the protests in memory of Berkin Elvan. Elvan is a teenager who died as a result of a head injury caused by being hit with a teargas canister during the Gezi protests in Istanbul. The account was recovered after a few hours, and Varank posted a message saying, "After voyeurism, montage and blackmail, they have also started to steal accounts. I think I have succeeded to get my account back. I apologize to my followers."
Ongoing Investigation Reveals 200 Million Consumer Records Stolen In Experian Compromise
March 11, 2014 – The latest findings from a year-long investigation into Hieu Minh Ngo, a 24-year-old Vietnamese national, reveal that up to 200 million Americans may have had personal information – including social security numbers – stolen from the databases of Experian, one of the big three national credit reporting agencies. Posing as a private investigator in Singapore, Ngo paid a license fee to access the online database, U.S. Info Search. U.S. Info Search has an agreement with Experian-owned Court Ventures, an aggregator of public records data, which ultimately gave him access to countless records of American citizens. The stolen information includes addresses, contact information and social security numbers. Ngo is accused of selling batches of data – and taking requests for specific searches – on identity theft websites. Though Ngo had access to the 200 million records, investigators believe he may have only sold records of up to 30 million citizens, but it will be some time before the final number is known.
Hacker 'Ethical Spectrum' Goes On Celebrity Website Defacement Spree
March 11, 2014 – The hacker Ethical Spectrum, who made headlines in February for breaching the system of Finnish game developer Supercell, has defaced the websites of American celebrities Miley Cyrus, Selena Gomez, Taylor Swift, Britney Spears, Nicki Minaj and Chelsea Handler. The hacker originally launched an attack around March 8th replacing the websites with a popular dancing Internet meme and the message “Hacked. For more security [e-mail address]”. The hacker has defaced the websites again and posted the e-mail address of Greg Patterson, the COO of ground(ctrl), a web development firm specializing in celebrity clients. In previous cases the hacker has reached out to companies and offered to secure their systems, hacking the systems only after the offer is ignored.
Data Breach Of Archdiocese Of Seattle Exposes SSN Of 90,000 Employees And Volunteers
March 11, 2014 – The Archdiocese of Seattle has alerted 90,000 employees and volunteers that personal information – including names, addresses and social security numbers – has been stolen by unknown cybercriminals. The organization, which keeps the information on file for running background checks, has hired a forensic security company to investigate and has alerted the FBI. The first known case of fraud occurred last week and the list of victims has continued to grow. The information, thus far, has been used to file fake tax returns with the IRS.
Over 160,000 WordPress Accounts Used In DDoS Attack Of WordPress Account
March 11, 2014 – A new security investigation has revealed that a vulnerability in all WordPress accounts, accessed through the enabled-by-default XML-RPC setting, has been abused to carry out a DDoS attack against another popular WordPress site. The site, which has not been named publicly, was brought down by the attack that turned thousands of accounts into botnets without actually gaining login information or otherwise compromising the accounts. A subsequent examination by the site's new security firm immediately identified that a majority of the page-requests used in the attack were coming from legitimate WordPress websites. An investigation revealed the XML-RPC abuse and the site has since been restored.
Mt.Gox Bitcoin Exchange Hacked Again, Attackers Claim CEO Lied To Customers
March 10, 2014 – On Sunday, the official blog of Mark Karpeles, CEO of the now-defunct, Tokyo-based Bitcoin exchange Mt.Gox, was hacked. A post was made by the attackers claiming that Karpeles lied about the number of Bitcoins stolen in the breach that resulted in the exchange's closure. The post contains balance information and various company files that seem to suggest the bank still contains the estimated 850,000 Bitcoins reportedly stolen and argues the organization is lying to its customers in an attempt to pocket the currency. The hackers posted proof of their access to servers and large amounts of information, but refused to release customer data as they claim they want revenge against Mt.Gox and not to make the customers suffer further. Some researchers have suggested the hackers are showing outdated financial information, while others have argued that the reportedly stolen Bitcoins have not yet been used or moved – suggesting they really are still at Mt.Gox. The attackers have promised more information is still to come.
New Findings Link Various Sophisticated Malware Programs To Russian Campaign
March 10, 2014 – A new report links various ongoing malware campaigns that infect classified databases primarily in Eastern Europe, but also in Western Europe and the United States. The Uroburos malware, reported on last week, has been linked to a Russian cyber-espionage campaign named 'SNAKE' that has gone undetected for at least eight years. Also within this campaign is the Turla malware program discovered by Western intelligence organizations that has specifically targeted European and US government computers. The various programs within 'SNAKE' share similar sophisticated coding and attack patterns that target vulnerabilities in Windows operating system security.
Indian Defense Ministry Hacked, Classified Military Files Vulnerable
March 10, 2014 – It is being reported in India that over fifty computers belonging to the Defense Ministry and the Defense Research and Development Organization have been infected with malicious software. Indian intelligence agencies were alerted to the spyware in December and reported that the malware was capable of infecting devices not connected to the Internet. It has been suggested that up to thirty classified military-related files may have been breached by hackers, though the Indian Army has downplayed the severity of the attack. The majority of cyber-espionage attempts against India are carried out by China or Pakistan, though it is still unclear who is responsible for this latest breach.
Latest Hack of Justin Bieber's Twitter Exposes Danger of Celebrity Accounts
March 10, 2014 – The official Twitter account of Justin Bieber, with over fifty million followers, was hacked again over the weekend. Tweets were posted in Indonesian that directed followers to a phishing site that promised more social media attention if users entered their information. The account was eventually recovered, but with so many followers it is unknown how many users fell victim to the scam. Celebrity accounts have increasingly come under attack as their viewership, likes or followers have increased, exposing millions of people to spam or intrusions even if the celebrity account is only briefly hijacked.
Over 2 Million Facebook Profiles Infected By Latest Scheme
March 7, 2014 – The latest scheme by hackers hoping to gain access to profiles on the popular global social network service has infected over 2 million accounts and is believed to be spreading rapidly. The attack involves infected profiles posting what appears to be private, adult or pornographic content on friends' profiles. Once the user brings up the video – which is set up to appear as a YouTube page – they download an infected Flash plug-in and their profile data and passwords are stolen.
Dendroid Toolkit For Sale Makes Infecting Android Easier
March 7, 2014 – A new Android development toolkit – called Dendroid – is on the market for $300. Dendroid allows criminals to infect legitimate Android applications with malicious software, which can then take control of various device functions including web access, recording video, audio, calls and texts and file deletion. The toolkit is not the first commercialized malware program for Android but researchers believe it is the most sophisticated currently available. The control panel for the program is delivered as a service, with the function hosted on offshore virtual private servers.
Prime Minister Of Turkey Threatens To Shut Down Social Media
March 7, 2014 – Following increased scrutiny over an ongoing corruption scandal, Prime Minister Tayyip Erdogan of Turkey has threatened to ban popular social media sites Facebook and YouTube in the near future. Many of the allegations against his government have originated on the Internet and Mr. Erdogan has expressed interest in blocking various social media sites to stop “all kinds of immorality, all kinds of espionage.” Turkey's president, Abdullah Gul, has ruled out such actions except to protect privacy. Anonymous Turkey, through its #OpTurkey campaign, is believed to have condemned the threat through a picture posted on its Twitter promoting free speech.
ComiXology Website Breached, Accounts Compromised
March 7, 2014 – The digital comic delivery platform ComiXology announced its website has been hacked, with a database containing customer and merchant profiles and passwords compromised. The breach was discovered when several e-mails not authorized by the website were sent out to users and merchants. ComiXology claims no payment information was stolen and that it has fixed the vulnerability in its security system. All users must reset their passwords before being able to log back on.
Update: Newsweek Exposes BitCoin Creator, Supporters React With Anger
March 6, 2014 – The creator and original coder of the BitCoin digital currency, Satoshi Nakamoto, has been exposed in an article by Newsweek magazine. The Japanese-American retreated from public life in 2011 and had not been heard from since. Having tracked him and members of his family down, Newsweek revealed details about his personal life and political leanings. They also published a photograph of Nakamoto and his house; an act viewed as a breach of privacy by many BitCoin champions and fans, that has resulted in the exposure of Nakamoto's home address. Forums dedicated to BitCoin traders and fans have erupted in debate over the article with some calling for action against Newsweek for exposing and endangering the creator of BitCoin.
Anti-Putin Hacker Group Leaks Classified Military Files; Claims More To Come
March 6, 2014 – Announcing a successful hack of Rosoboronexport, the dominant defense exporter for Russia, a group of anti-Putin hackers leaked thousands of documents pertaining to Russia's military trade with India and other related files. Claiming they breached the security of the Embassy of India in Moscow, the hackers said they gained access to Rosoboronexport and other businesses by sending infected e-mails from Embassy accounts. The hackers have threatened to release more leaked documents in the future. The company has not yet responded to the leaks.
Manufacturers Releasing Android Phones With Pre-Installed Malicious Apps
March 6, 2014 – Security researchers have discovered that major manufacturers like Samsung, LG and Motorola are producing several versions of Android phones pre-installed with malicious apps. Examples include fake Netflix applications that are designed to steal login and credit card information. Current investigations of the stolen information reveal that it is sent to Russian networks.
BitStamp, World's Largest Bitcoin Exchange, Has Mailing List Hacked
March 6, 2014 – In another string of bad news for the Bitcoin currency, BitStamp, the world's largest Bitcoin Exchange, admitted that its mailing list has been breached and used to send out malicious e-mails to users. Admitting to the hack only after users reported the messages, BitStamp said they became aware of the breach two weeks earlier. It is unclear what other information – if any – has been compromised. The phishing e-mails are similar to the recent incident with MtGox, the Tokyo-based Bitcoin exchange that was forced to close after a major attack that stole thousands in Bitcoins.
Over 280,000 Stolen Credit Cards For Sally Beauty Discovered For Sale
March 6, 2014 – Sally Beauty, a nationwide beauty product company, is the latest victim of credit card data theft after information from 282,000 stolen credit and debit cards was found for sale on a popular Internet crime store. Sally Beauty found evidence of an intrusion into its network recently but investigations suggested that no data had been stolen. Analysis of the stolen credit card information, however, revealed that all cards were used to purchase from the company during the same period of time. Security investigators said there are several similarities between this attack and the massive breach of Target customer data in December.
Smucker's Forced To Shut Down Online Store After Hack
March 5, 2014 – Smucker's has been forced to temporarily close its online store following an attack that may have exposed customer information – including names, addresses, and credit card data. The information was stolen by a sophisticated piece of malware while the customer entered it during the check-out process. Security researchers believe the hackers are the same ones who recently targeted Adobe, the National White Collar Crime Center and SecurePay. It is believed all were running an outdated version of ColdFusion software.
NSA Chief Reports Anti-Leaks Legislation Coming Soon
March 5, 2014 – National Security Agency head General Keith Alexander suggested legislation designed to stop or punish media leaks would be forthcoming. Hinting the new laws could begin within weeks at a cyber-security talk on Tuesday, Alexander said “We've got to handle media leaks first. I think we are going to make headway over the next few weeks”. General Alexander is an outspoken critic of media leaks, especially since Edward Snowden's communications on NSA activity.
Russian 'Uroburos' Cyber-Espionage Program Targets Government Institutions
March 5, 2014 – Security researchers have discovered a Russian malware program that has possibly been active for three years. The malware uses a sophisticated rootkit to steal data and monitor traffic specifically within highly secure systems. Code similarities with previous malware are believed to link the software to the Russian intelligence service. The program infected various European and American government, corporate and research institutions operating Windows before being discovered.
Security Audit Reveals Surprise Vulnerability In Linux
March 5, 2014 – Hundreds of open source applications and services, including Ubuntu, Red Hat and Debian versions of the Linux operating system, have been discovered to possess a security bug in their GnuTLS libraries that allows attackers to bypass SSL and TLS security protections. It is believed the coding error that enables the bug has been present since 2005. The library developer has urged an update to fix the recently discovered problem.
Russia Today's Video News Service, Ruptly, Hit With DDoS Attack
March 4, 2014 – Following yesterday's defacement of the Russia Today (RT) website, the Ruptly international video news agency website has been hit with a distributed denial-of-service attack. Ruptly announced the attack while it was happening this morning. Within an hour service had been restored to the website. Though no one has yet claimed responsibility for this attack, there are ongoing DDoS efforts against Russian and Ukrainian sites in regards to recent events.
Meetup Website Faces Several Day Long DDoS Attacks, Temporarily Goes Down
March 4, 2014 – The popular social networking and group meet-up website Meetup.com reports it has been the victim of a massive distributed denial-of-service attack since February 27th that has periodically taken down its website and mobile apps. In a statement made by CEO Scott Heiferman, the company claims a hacker allegedly hired by a competitor threatened to begin the DDoS attack unless paid $300. Meetup ultimately decided not to pay and, as of today, the website has been restored.
300,000 Hacked Routers Redirect Traffic To Hacker Sites
March 4, 2014 – Security researchers have discovered a scheme where DNS settings were rewritten on 300,000 routers largely in Asia and Europe to redirect users to hacker-controlled sites. The attack has been linked to 3NT Solutions, a United Kingdom-based company that has been offline for some time and has not responded to requests for comment since the allegations were made. While this type of attack is not necessarily uncommon, this case is reportedly the largest in recent memory.
$600,000 Worth Of BitCoins Stolen From Flexcoin Bank After Website Hack
March 4, 2014 – Bitcoin bank FlexCoin has reportedly been hacked, with 896 bitcoins worth over $600,320 stolen from the organization. The website has currently been closed. FlexCoin says the attack occurred on March 2nd and, citing a lack of resources and assets to recover, has shut down immediately. Users who deposited their bitcoins in 'cold-storage' offline servers will be contacted and refunded their currency; meanwhile, users who were not protected in this manner have been directed to FlexCoin's terms of service which state it is not responsible for insuring lost bitcoins.
Syrian Electronic Army Issues Threat To US Government
March 3, 2014 – Members of the Syrian Electronic Army (SEA) have issued a statement saying, "SEA advises the terrorist Obama to think very hard before attempting 'cyberattacks' on Syria. We know what Obama is planning and we will soon make him understand that we can respond." SEA is known for hacking social media accounts and defacing some websites, but they say the attacks against the US government will not be "of the same kind." The first government target appears to be the US Central Command. SEA issued an additional statement saying, "The next attack will prove that the entire US command structure was a house of cards from the start."
Russia Today Website Hacked And Defaced
March 3, 2014 – Russia's largest news channel website, Russia Today, was hacked and defaced over the weekend. A group of unknown hackers breached the website and replaced 'Russia' and 'Russians' with 'Nazi' and 'Nazis'. Russia Today issued a statement saying, "RT website has been hacked, we are working to resolve the problem." After 30 minutes the site was restored to normal.
Hackers Leak Info From Mt. Gox
March 3, 2014 – The hacker known as nanashi is claiming to be a part of a group of hackers that have breached the systems of Mt. Gox. According to the hacker, the breach is an attempt to find out what really happened to the now closed Bitcoin exchange. nanashi says the hackers have access to Mt. Gox source code, a conversation in Japanese between a banker and Mt. Gox's CEO Mark Karpeles, passport scans and personal information belonging to the company's employees. Information that has been leaked so far includes employee email addresses, phone numbers and the Mt. Gox source code.
AnonUkraine Hacks Polish Sites
March 3, 2014 – Members of the Anonymous Ukraine hacking collective have breached and defaced several Polish websites. The hackers say they have targeted the Polish sites as a warning that they may face the same fate as Ukraine. A member of Anonymous said, "Ukraine has suffered a coup and Nazis came to power. Yes, Nazis came to power in a European country in the 21 century! Europe has suffered Nazi terror in the past. Now it may happen again. We want to warn people of Poland that their country is in great danger." The defaced pages included a message that read, "Nazi alert!", and had a picture of a swastika and a link to a video called "Europe. Nazi alert."
UK Intelligence Agency Hacked Webcams Of Millions
February 28, 2014 – It has been revealed that the UK's Government Communications Headquarters (GCHQ) worked with the NSA on an operation called Optic Nerve. The operation was a bulk surveillance program in which they stole webcam images every five minutes from Yahoo users' video chats. The operation targeted Yahoo webcam chats between 2008 and 2010. Within a six month period images of almost 1.8 million users were captured and stored on the agencies' servers. According to leaked information from GCHQ, Optic Nerve was still active in 2012. The purpose of capturing these images was so that they could experiment with facial recognition. Yahoo has denied any knowledge of the operation, and said this activity is "a whole new level of violation of our users' privacy." A GCHQ spokesperson said, "It is a longstanding policy that we do not comment on intelligence matters."
Anonymous Declares Cyberwar On Countries Interfering In Ukraine
February 28, 2014 – Members of the Anonymous collective have released a video declaring cyberwar on countries and organizations that pose a threat to the freedom and independence of Ukraine. In the video Anonymous says, "Members of Anonymous Ukraine are aware of the internal meddling by the United States, NATO and the European Union into the internal sovereign affairs of Ukraine. The people of Ukraine do not want European Union integration. The people of Ukraine do not want NATO on their territory. The Bandera Nazis and fascist thugs that are beating and killing police and members of the security services of Ukraine do not represent the will or the wishes of the people of Ukraine." The hackers want the Ukrainian President Yanukovich to restore order and stability in the country. The video ends with the hackers saying, "We will strike at the web resources of countries and organizations that pose a threat to freedom and independence of Ukraine!"
New Charges Against Hacker Lauri Love
February 28, 2014 – New charges have been brought against British hacker Lauri Love, accusing him of hacking the US Federal Reserve's servers. According to the charges, Love worked with other hackers from October 2012 to February 2013 to gain access to the servers of the Federal Reserve. They used an SQL injection vulnerability to access names, email addresses and phone numbers of Federal Reserve users. He has been formally charged with one count of computer hacking and one count of aggravated identity theft. He faces up to 12 years in prison for these charges. Previously, after being arrested by the UK's National Crime Agency's Cyber Crime Unit, Love had been charged with hacking into the systems of the US Army, the Missile Defense Agency, NASA, the military's Plans and Analysis Integration Office and the Environmental Protection Agency. A representative from the FBI said, "Cyber crime knows no boundaries and justice will not stop at international borders. The FBI is committed to working with private and public entities to stop computer intrusions and prevent hackers from harming victim companies and individuals. We thank the Federal Reserve Bank of New York for its assistance in this investigation."
Ukrainian Government Sites Targeted By Hackers
February 28, 2014 – The websites of the Ukrainian Parliament and the Right Sector Nationalist Movement have been attacked by hackers. Distributed denial-of-service attacks have been launched against six government-run sites in the latest online attacks. At the time of this writing the parliament website has been restored, but the other sites are still offline. Hackers have been attacking Ukrainian government sites since November.
World Cup Cyber Attacks Threatened
February 27, 2014 – Brazilian hackers have issued a statement threatening to launch attacks to disrupt the World Cup in June. The hackers say the attacks will include distributed denial-of-service attacks against websites and data theft. The hacker known as Che Commodore said, "The attacks will be directed against official websites and those of companies sponsoring the Cup." General Jose Carlos dos Santos, the head of the cybercommand for Brazil's Army said, "It would be reckless for any nation to say it's 100 percent prepared for a threat. But Brazil is prepared to respond to the most likely cyber threats."
Bitcoin Exchange Hacked, $30,000 Stolen
February 27, 2014 – Crypto-Trade, a Hong Kong-based Bitcoin exchange, has announced that it suffered a hack in which $30,000 was stolen. This comes only days after MtGox announced it was closing due to a hack that stole over $300 million. Crypto-Trade posted a statement on their site saying, "We discovered a bug in our system which allowed someone to hack around $30,000. All coins are safe and we will pay (for the loss) . . . Crypto-trade.com will open back in 24 - 48 hours with trading halted. You will be able to withdraw your coins. When all users (are) refunded, we will close the website for an undetermined period (2 - 3 weeks estimated) in order to fix our software and make a security audit to reopen later in best conditions."
Indiana University Suffers Data Breach
February 27, 2014 – Indiana University has notified 146,000 students and recent graduates that their names, addresses and social security numbers may have been compromised during a data security breach. The administration says the breach was not a targeted attack, rather the information was accidentally stored in an insecure location and was downloaded by three automated webcrawling programs. James Kennedy, a University Associate Vice President said since this was not a targeted attack, "the chance of sensitive data falling into the wrong hands . . . is remote."
Korean Hackers Arrested For Stealing Data
February 27, 2014 – Three hackers have been arrested by South Korea's Incheon Metropolitan Police Agency for allegedly hacking 225 websites and stealing personal information of 17 million people. Some of the sites they are accused of hacking include real estate and trading services, the Korean Dental Association, the Association of Korean Medicine and the Korean Medical Association. The charges say that they sold the stolen data to loan companies and chauffeur services for about $93,000. Six other individuals are also being investigated as part of this criminal operation.
360 Million Records Stolen From FTP Servers
February 26, 2014 – Security researchers have found 360 million stolen credentials and 1.25 billion records containing only email addresses available for purchase online. It appears that the records were stolen in different attacks, with the most significant hack resulting in 105 million credentials. The researchers believe that these records were stolen in hacks that have not yet been revealed, meaning that some organizations may not be aware they've been breached. At this time the researchers are attempting to identify and notify the victims.
EC-Council Denies Being Hacked
February 26, 2014 – Earlier this week it was reported that a hacker claimed to have breached the website of the EC-Council, an organization that provides Ethical Hacker certifications. The EC-Council is now denying these reports, saying that the hacker used a DNS hijack to redirect visitors to a defacement page hosted in Finland. The council posted a statement saying, "EC-Council's Security Team has confirmed no access to any EC-Council Servers was obtained, the domain redirection was done at the DNS Registrar and traffic was re-routed from Authentic EC-Council Servers to a Host in Finland known for hosting other illegal websites." The council is working with the FBI and international law enforcement to identify the hacker.
Z Hacking Crew Takes Down English Defence League Site
February 26, 2014 – Members of the Z Hacking Crew are claiming to have taken down the website of the English Defence League. The hackers posted a statement early this morning saying, "englishdefenceleague.org tango down again lol." No reason was given for the attack. At the time of this writing the site is offline.
Philippines Government Sites Targeted By Anonymous
February 26, 2014 – Members of the Anonymous collective have hacked several Philippine government websites in a protest against a provision of the Cybercrime Prevention Act. The targeted sites include the Office of the Vice President, the PNP Command Center, the National Telecommunications Commission, the Pilipinas Anti Piracy Team, the DOST Information Network, the Technical Education and Skills Development Authority, the Philippine Embassy in Italy and several cities and municipalities. The hacktivists posted a message saying, "In the year 2012 politicians and lawmakers came up of the bill that kills the right of the people to freely express their opinion and freedom of speech through the Internet . . . This is our way to express and oppose the bill that may destroy the future of the Internet in the Philippines." Some of the affected sites have been restored, but many remain offline.
Anonymous Targeting 'Facebook Pedophiles'
February 25, 2014 – Members of the Anonymous collective are starting a new campaign targeting Facebook pages which share images of underage children in underwear or swimsuits. The hacktivists believe that the pictures are usually stolen from parents' pages and then distributed through websites, groups and pages on Facebook. The first target of the campaign is a Facebook page called "S*** Little Girls." An Anonymous member posted a message saying, "Facebook will not take this page down so we are Anonymous and we will take matters into our own hands."
Google Paraguay Hijacked
February 25, 2014 – The Iranian hacker known as Mormoroth hacked the Network Information Center of Paraguay (NIC), and used the access to alter the DNS records for Google Paraguay to redirect visitors to a defacement page. The hacker exploited a remote code execution vulnerability to hack NIC, and has leaked user credentials and other information from their database. He only leaked the information because Paraguayan authorities said there wasn't any hack, so he felt the need to prove them wrong. Google's systems were never breached by the hacker.
World Wildlife Fund Site Hacked
February 25, 2014 – The Indonesian hacking group known as Gantengers Crew has breached and defaced the website of the World Wildlife Fund. The group also hacked the website of Earth Hour Philippines. Both websites were defaced with the same message reading, "Gantengers Crew Hacked you! :) Hacked WWF-Philippines, Indonesian h4x0r back! Greets / sh00ts To All Muslim hackers!" No reason for the attacks was given. At the time of this writing both websites have been taken offline.
Venezuela Internet Shut Down
February 25, 2014 – The Electronic Frontier Foundation reported that Venezuelan Internet has lost connectivity. It is believed that this is a government response to the protests against President Nicolas Maduro and his administration. Venezuela's media regulation network CONATEL is saying that the outage is not due to the protests, and blames hackers working for the opposition. Maduro has admitted that he ordered the shutdown of news network NTN24 because it was attempting to "torment anxiety about a coup d'etat."
Ethical Hacker Website Hacked
February 24, 2014 – The website for EC-Council, an organization that provides Ethical Hacker certifications, has been breached by the hacker known as Eugene Belford. Belford posted a defacement message that reads, "Owned by certified unethical software security professional." It appears that the hacker used a DNS hijacking attack to deface the site and possibly gain access to their email. Belford later updated the message saying, "It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to (Law Enforcement and Military) officials." If the hacker gained access to the EC-Council email, he may have access to email correspondence with law enforcement and military personnel.
South Korea To Develop Stuxnet-Like Cyberweapons
February 24, 2014 – South Korea's defense ministry has proposed building Stuxnet-like cyberweapons to destroy North Korean nuclear facilities. The first part of South Korea's plan is to conduct online propaganda operations through the use of North Korean social networking and social media services. A senior military official said, "Once the second phase of the plan is established, the cybercommand will carry out comprehensive cyberwarfare missions." Security experts are warning that using cyberweapons to physically damage critical infrastructure can backfire. As an example, Stuxnet's spread was impossible to predict or control. Experts worry that the South Korean code could rebound and end up damaging South Korean infrastructure that uses the same technologies as the North Korean nuclear facilities.
Philippines' Government Site Breached By Portuguese Hacker
February 24, 2014 – The Portuguese hacker known as Touch is claiming to have breached and defaced the website of the City of Cebu, the second largest city in the Philippines. The defacement page reads, "Owned By Touch. Security Touched By Portuguese Hacker." City of Cebu representatives said that they are not sure why anyone would target their website since it doesn't store any classified information. At the time of this writing the website is still offline.
YouTube Ads Distributing Banking Malware
February 24, 2014 – Security researchers have discovered a YouTube link that leads users to an exploit kit website. The cybercriminals have built an ad network that's used to serve advertisements on YouTube, which leads users to a site hosting the Styx exploit kit. The kit leverages Java vulnerabilities in order to push malware that steals banking information to the victims' devices. The command and control servers have been traced to Europe. Google has been notified of the attack, but there has been no comment at this time.
Namecheap's DNS Platform Hit With DDoS Attack
February 21, 2014 – The DNS platform of Namecheap, a domain registrar and web hosting company, was hit with a large scale distributed denial-of-service attack. The attack lasted for about 3 hours; however, services were not fully restored for almost 11 hours. According to a statement posted by Namecheap, the attack targeted around 300 domains on the DNS platform. The statement said, "Our DNS platform is a redundant, global platform spread across 3 continents and 5 countries that handles the DNS for many of our customers. This is a platform meticulously maintained and ran, and a platform that successfully fends off other DDoS attacks on an almost-daily basis. Today, however, I am compelled to announce that we struggled. The sheer size of the attack overwhelmed many of our DNS servers resulting in inaccessibility and sluggish performance. Our initial estimates show the attack size to be over 100Gbps, making this one of the largest attacks anyone has seen or dealt with."
United Nations Internet Governance Forum Breached
February 21, 2014 – The hacking group DeleteSec are claiming to have breached and leaked data from a United Nations based website. The leaked data includes 3,215 user names, email addresses and encrypted passwords. The Internet Governance Forum's purpose is to support the United Nations Secretary-General in carrying out the mandate from the World Summit to "provide an interactive, collaborative space where all stakeholders can air their views and exchange ideas." The hackers did not give a reason for the attack. At the time of this writing the website is operating normally.
Hackers Target Churches Of Scotland And Cyprus
February 21, 2014 – The Saudi Arabian hacker known as SeCuRiTy_511 is claiming to have breached the websites of the Church of Scotland and the Church of Cyprus. Almost 3,000 user details have been leaked from the sites. The leaked information includes names, email addresses, password hashes and administrator credentials. These attacks are a part of a larger campaign of Muslim hackers targeting Christian sites.
Israel Electric Opens Cyber War Room
February 21, 2014 – Israel Electric, Israel's main power company, has announced that it has opened a cyber war room, which will focus on stopping attacks from hackers. The company will staff the room 24 hours a day in an attempt to monitor and block as many as 400 million cyber attacks a day. The state-owned Israel Electric generates, transmits and distributes nearly all of the electricity used in the country. Chairman Yiftach Ron-Tal issued a statement saying, "There are hundreds of thousands of attempts to infiltrate Israel Electric's networks every day. We are talking here about a threat on a national level. There is no doubt that cyber is and will be the most significant battlefield of the present and the future."
Salesforce.com Targeted By New ZeuS Variant
February 20, 2014 – Security researchers have discovered a new variant of the banking trojan known as ZeuS. This variant does not target banking credentials; instead, it uses web-crawling to target Software-as-a-service (SaaS) applications and steal proprietary data or code. The researchers found a targeted attack against Salesforce.com users, which began spreading through a Salesforce employee's home computer. The malware created a real time copy of the user's Salesforce.com instance which contained all the information from the company account. It is still not known who is behind these attacks, but researchers warn it could be used against any SaaS application to steal business data and customer information.
University Of Maryland Hacked, Info Of 300,000 Staff And Students Compromised
February 20, 2014 – The University of Maryland has confirmed that over 300,000 records of staff, students and affiliates have been stolen during a recent breach of their systems. According to the school no financial records, academic, health or contact information was stolen. President of the University, Wallace D. Loh sent a letter to those affected saying that names, social security numbers, dates of birth and University ID numbers were compromised. In the letter he wrote, "The University was the victim of a sophisticated computer security attack that exposed records containing personal information. I am truly sorry. Computer and data security are a very high priority of our University."
Turkish Ajan Hacks Nepali ISP
February 20, 2014 – Members of the Turkish Ajan hacking group are claiming to have hacked Mercantile Communications Pvt. Ltd., a major Nepali Internet service provider. The hackers say that there is no particular reason they targeted Mercantile, they just wanted to announce their return. They have leaked database structure information and over 100 files containing the names and email addresses of employees. The hackers say they also have phone numbers and physical addresses, but haven't released the information to protect the individuals. According to the representative of the group, Turkish Ajan will now be targeting government organizations, mainly in the United States, Israel and China.
Austrian Energy Provider Hacked
February 20, 2014 – Austria's Energie Steiermark has issued a statement saying that their systems have been breached. The attack only breached a web server that hosts information on gas customers; no financial information is stored on this server. The company is still trying to determine if any information has actually been stolen. The attack was discovered when an internal warning system was triggered. It is unclear who is behind the attack, or what their motive is. State police and CERT Austria are working with Energie Steiermark to investigate the incident.
Syrian Electronic Army Hijacks FC Barcelona Twitter Accounts
February 19, 2014 – The Syrian Electronic Army (SEA) has hacked three official Twitter accounts of the FC Barcelona soccer team. SEA posted messages on the accounts that said, "Dear FC Barcelona management, Don't let the Qatari money funds you, it's full of blood and kill." The hacked accounts were the Spanish, Catalonian and English accounts for the team. The messages were deleted from the Spanish and Catalonian accounts within 10 minutes, but the English account took longer to restore. SEA has said that the attack on FC Barcelona is now over.
US Army Website Taken Down By Hackers
February 19, 2014 – Members of the DerpTrolling hacking group are taking credit for the US Army Knowledge Online website (us.army.mil) being down for the past several hours. The hackers posted a message saying, "All Hail Gaben! We will show the infidels the way back to hell! Lord Cage welcomes you." Gaben is the nickname for Gabe Newell, the co-founder and managing director of Valve. The official home page of the US Army (www.army.mil) is operating normally. At the time of this writing us.army.mil is still down.
Z Company Hacking Crew Hacks Official Indian Sites
February 19, 2014 – Members of the Z Company Hacking Crew (ZHC) are claiming to have hacked two official domains of India's national portal. The hackers left a message on the sites saying, "ZHC was here! Owns Indian National portal. It has been 65 years since your invasion of our lands but the fire of freedom still burns in our hearts." The attack is a protest against India's occupation of the Kashmir region. At the time of this writing the defacement message was still displayed.
Iran Says They Are Ready For Cyber War
February 19, 2014 – General Mohammad Aqakishi, the commander of the IT&C department of the General Staff of the Iranian Armed Forces announced that Iran is ready to handle any cyberattacks that might be launched. He said, "One of the options on the table of the US and its allies is a cyber war against Iran. But we are fully prepared to fight cyber warfare." The General said that Iran has made significant progress in IT and their military has taken advantage of these new technologies.
Forbes Accuses SEA Of Blackmail
February 18, 2014 – Forbes has published an article with details about the Syrian Electronic Army (SEA) attack from last week. In the article Forbes confirms that SEA used spear-phishing emails to obtain employee passwords to the publishing systems. The hackers reportedly sent an email showing information captured from the publishing database, and said that the attack would stop if 'fees' were paid. SEA representatives responded to these claims by saying, "Dear Forbes, making a fake story (we requesting 'fees') after we posted a joke about selling the data is not the good way to defend yourself. Just for future notice, we would never ask for money in return for anything. All we ask for is your support." SEA continued by saying, "We didn't publish the user table of Forbes to show off, but because they deserved to be embarrassed. We have access to bigger user tables than Forbes one but Forbes has been so unethical that they deserved it." Forbes is currently in the process of notifying the million subscribers that were compromised.
$2.5 Million In Bitcoins Stolen In Silk Road 2.0 Hack
February 18, 2014 – Silk Road 2.0, the online black market site, has posted a statement saying, "We have been hacked." The breach has resulted in approximately $2.5 million in Bitcoins being stolen. The Silk Road statement continued, "Our initial investigations indicate that a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as 'transaction malleability' to repeatedly withdraw coins from our system until it was completely empty."
Hackers Claim To Have 828 Gb of Data From Sands Casino
February 18, 2014 – Last week it was reported that several websites belonging to Sands Casino were hacked and defaced. The hackers behind that attack are now claiming to have stolen 828 Gb of files from the casino's systems. A video has been posted by the hackers showing that they have the stolen information stored on a local hard drive. The files include budget information, details on IT systems, passwords and user data. The company has confirmed that employee information has been compromised, but they have not yet determined if customers have been impacted. There is no evidence that gambling systems or customer financial information has been compromised. The hackers targeted the company after their CEO, Sheldon Adelson said that the United States should drop a nuclear bomb on Iran.
Two Students Arrested For Hack Of Data Infosys
February 18, 2014 – Two Indian students, Kulshrestha Varma and Hardik Sud, have been arrested and charged with hacking into the systems of Data Infosys and fraudulently recharging prepaid mobile phones. It is alleged that Varma and Sud hacked into Data Infosys' website and accessed the e-processing systems to recharge 500 mobile phones. The total amount stolen is believed to be $12,872. Authorities will continue their investigation, as they believe there are more people involved in this operation.
SEA Leaks 1 Million Forbes' Users Details
February 17, 2014 – Last week it was reported that the Syrian Electronic Army (SEA) hacked Forbes Magazine. Over the weekend, SEA followed up the hack with the release of information belonging to over 1 million Forbes customers. The leaked information includes email addresses and login information. Originally SEA tried to sell the information, but then released it for free. Forbes posted a statement saying, "Users' email addresses may have been exposed. The passwords were encrypted . . . We have notified law enforcement. We take this matter very seriously and apologize to the members of our community for this breach."
Kickstarter Hacked, Customer Data Leaked
February 17, 2014 – The online crowdfunding website, Kickstarter has confirmed that hackers have stolen some of its customers' information in a breach that occurred last week. According to Kickstarter, the leaked information includes passwords, phone numbers and email addresses. Kickstarter CEO Yancey Strickler said that no credit card data was accessed and that the breach has been repaired. Strickler posted a statement saying, "We're incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways."
Facebook's Zuckerberg Has Timeline Hacked
February 17, 2014 – The Egyptian hacker known as Dr. FarFar is claiming to have removed Mark Zuckerberg's Facebook timeline cover photo. According to the hacker he was able to leverage a private exploit to remove the photo. The cover photo was missing for a few hours, but there is no evidence that the account was actually hacked. Facebook representatives issued a statement saying, "There is no merit to this claim. We have confirmed there was no suspicious activity on the account."
Venezuelan Government Sites Hacked In Response To Student Killings
February 17, 2014 – Several Venezuelan government websites have been hacked and defaced in protest of the killing of three students during clashes between demonstrators and police. The hacktivists, from Venezuela, Mexico, Argentina and Colombia, have targeted at least seven sites. Along with the defacements, the hackers have posted instructions on how to bypass the Venezuelan government's censorship system and how to anonymize your identity online. Several of the websites are still defaced at this time.
Syrian Electronic Army Hacks Forbes
February 14, 2014 – The Syrian Electronic Army (SEA) is taking responsibility for hacking several Forbes websites and three Twitter accounts. The hackers compromised the WordPress administration panel of the Forbes website and edited several articles. The Twitter accounts that were hacked belonged to the Social Media Editor Alex Knapp, personal finance reporter Samantha Sharf and the ForbesTech account. SEA issued a statement saying, "The Syrian Electronic Army attacked Forbes because many articles against the SEA were posted on Forbes, also their hate for Syria is very clear and flagrant in their articles."
UNICEF And NY Times' FTP Servers Compromised
February 14, 2014 – Administrator credentials for over 7,000 FTP servers are allegedly in the hands of cybercriminals. Security researchers have said that the list of servers includes ones belonging to UNICEF and the New York Times. The cybercriminals are using these servers to host malware, scam websites, exploits and other content. The compromised servers also belong to various other organizations including small businesses, ISPs, multinational corporations and individuals from all over the world. A New York Times representative said that they are currently working on securing the server, while UNICEF issued a statement saying that the affected server is part of a system that is no longer active.
Sochi Olympics Email Leads To Banking Trojan
February 14, 2014 – A new spam email campaign has been launched advertising an Olympics live streaming app for Android devices. The title of the email is, "Olympic live stream in Sochi". The email contains a link to a website that hosts an application file called "olympic.apk". When the file is downloaded it launches a banking Trojan, which contacts a command and control server and sends information from the infected device.
IE Zero-Day Exploit Being Served From US VFW Website
February 14, 2014 – Researchers have discovered a new zero-day exploit on the US Veterans of Foreign Wars' website. Cybercriminals are using the exploit in an operation they are calling "SnowMan". The researchers believe that this is part of a larger attack against US military personnel. The attack is being credited to a group of criminals that were behind previous attacks against the US government, defense companies and law firms. Microsoft has confirmed that the exploit impacts IE 9 and 10, and recommends that companies update to version 11.
30 Vulnerabilities In Java Cloud Service
February 13, 2014 – It is being reported that 30 Java Cloud Service security vulnerabilities have been discovered. All of these vulnerabilities have been confirmed by Oracle. At least 15 of them can be exploited to bypass the Java security sandbox. The company was notified by researchers of these flaws in late January. Oracle has not issued any statement or timeline for when these issues will be fixed.
National-Socialist Party Of Canada Breached, Details Leaked
February 13, 2014 – The hacker known as nairb is claiming to have hacked the website of the National-Socialist Party of Canada. The hacker leaked the information of over 1,000 members including names and email addresses. Other database files, including one containing MySQL credentials, were also leaked. The National-Socialist Party of Canada is a Neo-Nazi organization that advocates for Canada to be "an independent nation of White citizens sovereign in its own living space." The hacker also posted a message saying, "Racists, fascists and hate-mongers beware, nairb is here."
DDoS Disrupts UK Ministry Of Justice Site
February 13, 2014 – The United Kingdom's Ministry of Justice website was hit with a distributed denial-of-service attack. The hackers that launched the attack said the site was targeted because the Ministry of Justice has not condemned the NSA's surveillance. The Ministry posted a statement saying, "The Justice website is now back up and running. Sorry for any inconvenience the downtime caused." The site is now operating normally after being down for about three hours.
Japan Records Over 12.8 Billion Cyberattacks In 2013
February 13, 2014 – A recent report shows that Japan saw over 12.8 billion cyberattacks targeting their government and other organizations in 2013. This is the largest number recorded since attacks began to be tracked in 2005. A spokesperson from the National Institute of Information and Communications Technology said that cyberattacks originating from China, the United States and emerging countries have been growing. The number of cyberattacks grew 64.1% over the 7.8 billion attacks tracked in 2012. The attacks included distributed denial-of-service and system probes used to determine if servers were vulnerable.
CloudFlare Hit With 400Gbps DDoS Attack
February 12, 2014 – Hackers launched a massive distributed denial-of-service attack targeting the European data servers of content-delivery and anti-DDoS firm Cloudflare yesterday. The attack reached more than 400Gbps at its peak of traffic, which is the largest reported attack to date. Cloudflare CEO Matthew Prince released a statement saying, "Very big NTP reflection attack hitting us right now. Appears to be bigger than the Spamhaus attack from last year. Mitigating."
Sands Casino Website Defaced
February 12, 2014 – Members of the Anti WMD Team hacking group are claiming to have breached and defaced the websites of the Sands Casino and its subsidiaries. The defacement page features a map of the world with the locations of Sands Casinos marked with flickering flames. The message on the page reads, "Damn A, Don't let your tongue cut your throat. Encouraging the use of weapons of Mass destruction, Under Any condition is a Crime." The defacement also included personal information of Sands employees such as email ids, social security numbers and other information. A total of eight sites have been affected including the Sands official site. All of the impacted sites are currently showing an "Undergoing Maintenance" message. Sands has issued a statement saying they are working with law enforcement to investigate the incident.
Anonymous Attacks GCHQ Websites
February 12, 2014 – Yesterday, members of the Anonymous collective launched a distributed denial-of-service attack against the website of the UK's GCHQ. The attack was in support of "The Day We Fight Back" anti-surveillance protests. It has been confirmed that the website experienced "noticeable performance issues", but it has not been confirmed what caused those issues. At this time it seems that the attack originated in Romania, but the investigation is ongoing.
RedHack Leaks US Embassy Staff Information
February 12, 2014 – Members of the RedHack hacking group have leaked the personal information of 36 staff members of the US Embassy in Turkey. The leaked information includes names, email addresses and phone numbers. According to one of the hackers the leak was in memory of one of the founders of the Turkish People's Liberation Army. The hackers say they are protesting the government of the United States, but not the people. Along with the leaked information, the hackers posted a message saying, "Go Home Yankee."
Details Of Seven Year Cyber Espionage Campaign Revealed
February 11, 2014 – Security researchers have released the details of an advanced cyber espionage campaign dubbed “The Mask” which has been ongoing since at least 2007. According to researchers, The Mask campaign has been targeting government agencies, energy companies and other high-profile organizations spread out across a total of 31 countries in the Americas, Africa, Europe and the Middle East. It is believed the cybercriminals are from a Spanish-speaking part of the world, as they have been using the Spanish language to communicate with one another. The attackers are also said to have a large arsenal of cybercrime tools at their disposal, including a bootkit, a rootkit, malware for Mac OS X and Linux and possibly Android and iOS variants of sophisticated threats. The cybercriminals have been distributing the sophisticated malware with the aid of spear-phishing emails sent to victims; these emails contain links to websites which host the exploit kit, and depending on the victim's system configuration, an appropriate type of malware is served. It is believed the main objective of these cybercriminals is to collect sensitive information from networks of government institutions, energy, oil and gas companies, diplomatic offices and embassies, research organizations and even activists.
US Law Firm Attacked By CryptoLocker Ransomware
February 11, 2014 – A U.S. law firm based in Charlotte, North Carolina is reporting that it has fallen victim to a cyberattack which leveraged the CryptoLocker ransomware. According to reports the attackers were able to infect one of the company's servers before sending out fake voicemail notifications which contained the ransomware as an attachment. Representatives of the company stated they lost access to thousands of legal documents, however, no confidential information was stolen. Once the law firm's IT department failed to recover the files, it agreed to pay the $300 fee to get them back, however at this point experts believe it is too late. CryptoLocker is a ransomware which instructs victims of infected machines to pay a ransom fee within 72 hours to recover their lost files.
Mass Protests Launch Today In Opposition Of NSA Mass Surveillance
February 11, 2014 – Some of the leading tech companies of the US are taking part today in a massive protest against the NSA's policy of mass surveillance, known as “The Day We Fight Back.” Over 5,700 websites are hosting banners on their homepages today urging Internet users to call and email members of Congress and ask them to vote against the proposed NSA reforms that the American Civil Liberties Union has labeled “bad for privacy.” The event comes two years after 8,000 websites went black to protest bills that would have given the government free rein to remove websites that were found to violate the Stop Online Piracy Act and the Protect IP Act. Some of the notable participants in the protest include Facebook, AOL, Twitter, LinkedIn, Yahoo and Reddit. The banner used by participants will read, “Dear Internet, we're sick of complaining about the NSA. We want new laws that curtail online surveillance. Today we fight back.”
Nigerian Government Websites Hacked by Syrian Anonymous
February 11, 2014 – Members of the Syrian Anonymous group, a subgroup of the larger Anonymous collective, have managed to hack and deface a total of 25 Nigerian government websites. The list of websites hacked includes the Ministry of Justice, the Ministry of Finance, the Ministry of Education, the Ministry of Power, the Nigerian Christian Pilgrim Commission, the Federal Neuro Psychiatric Hospital Yaba and the Federal Ministry of Science and Technology. There is no known motive for the attacks on Nigerian websites. At the time of this writing, several of the websites have been restored, others have been taken down and some are still defaced.
Bank of America Customers Target Of Massive Malware Distribution
February 10, 2014 – Security researchers have identified a new malware distribution campaign aimed at customers of Bank of America. The malware, which is part of the Bredo family of Trojans, leverages traffic volume in an effort to evade filtering engines. Cybercriminals have been sending out fake emails which contain the malware to customers of Bank of America; once the malware is opened it steals sensitive information, including banking data, from infected devices. The Trojan is also capable of downloading other malicious elements onto affected computers. According to researchers the malware was only identified by 11 anti-virus engines.
Barclays Customer Data Stolen, Thousands Of Files Leaked
February 10, 2014 – It is being reported that an Anonymous whistleblower has provided a memory stick with the personal details of 2,000 Barclays' customers. The whistleblower says this is only a sample from a database of 27,000 files. The leaked files are said to contain highly sensitive information, including customers' earnings, savings, mortgages, health issues, insurance policies, passport numbers and national insurance numbers. An investigation has already been set up with both Barclays and the Police working together to solve the crime. It is not yet clear how the data was stolen; however, Barclays has stated it has begun notifying investors of the possible breach.
RedHack Begins Attacks In Opposition Of New Internet Law
February 10, 2014 – Members of the RedHack group have remained true to their word and have begun attacking websites in Turkish cyberspace. The group is protesting, along with other activists and hacktivists, the new Internet law which they believe seriously limits the freedom of speech of Turkish citizens. The group has leaked two dozen records which contain the phone numbers of police chiefs and superintendents, and has stated this is only the first phase of the attacks. The group then defaced the website of the Kars Municipality, the Gas Distribution Authority of Sakarya and the website of the City of Amasya, from which the hacktivists also leaked AKP (Justice and Development Party) membership applications. The Ministry of Education was also attacked by the group, which leaked invoices and expenditures of the school. The controversial new law has been heavily criticized not only by Turkish citizens but also by members of the EU.
Website of Nepalese President Hacked And Defaced
February 10, 2014 – Two different hackers have breached and defaced the official website of Nepal's Office of the President. The first hacker, the Iranian Dr. 3v1l, uploaded a defacement page to the website and leaked some information including administrator user names and passwords. A second hacker of Indian origin was also able to exploit the vulnerability to deface the website's homepage. There is no known motive for the hack and at the time of this writing the website has been restored to its working condition.
Anonymous Releases Message To Russia As Part Of OpSochi
February 7, 2014 – With the Winter Olympics kicking off in Sochi, Russia, members of LegionOps, a subgroup of the Anonymous collective, have issued a warning statement to Russia as part of its OpSochi campaign. The group is demanding the Russian Winter Olympics stop animal cruelty and the use of animals for entertainment and sport. The group is threatening to launch DDoS attacks on various Russian government websites, as well as defacing and leaking sensitive information. A target list including over 25 Olympic-related websites has been provided by the group.
Huawei Hacks Indian Telecom Company
February 7, 2014 – According to a new report, Chinese telecommunications company Huawei has allegedly hacked into the network of Indian state-owned telecommunications company Bharat Sanchar Nigam Limited (BSNL). Allegedly, Huawei engineers hacked into a mobile tower owned by BSNL in the coastal area of Andhra Pradesh in October 2013. Minister of State for Communications & IT, Killi Kruparani, has stated, "The government has constituted an inter-ministerial team to investigate the matter." The investigation will be led by a team of top officials from the National Security Council Secretariat, the Intelligence Bureau, the Union Home Ministry and BSNL themselves. The Indian government suspects this hacking may be an "inter-corporate" rivalry between Huawei and ZTE, a Chinese telecom company which was offered a major part of BSNL's network in 2012.
Turkmenistan Banks Hacked By Dr.SHA6H
February 7, 2014 – Syrian hacker Dr.SHA6H is continuing his effort to bring attention to the situation in Syria by hacking and defacing the official websites of two Turkmenistan state-owned banks. The banks targeted by the hacker were the Turkmenbashi Bank and the PrezidentBank; the homepages of both websites were defaced with a message. On the website of Turkmenbashi Bank, Dr.SHA6H left a message urging the U.S. and other countries to intervene in the situation in Syria, as the U.S. has done for other countries in need of help. In addition to hacking the banking websites, Dr.SHA6H has also defaced the government-owned website of the Union of Industrialists and Entrepreneurs of Turkmenistan, the Nowruz Festival website, and the Research Institute of Earthquake Engineering. At the time of this writing the defaced websites have been restored to their normal settings.
Anonymous Threatens Release Of Singapore Government Employee Information
February 7, 2014 – Members of the Anonymous hacking collective are threatening to leak the personal details of Singapore government employees in protest of the recent arrests of individuals allegedly tied to the Anonymous collective. The names, government email addresses, dates of birth, phone numbers and passport numbers of 10 individuals have been released as a sample to prove that they have obtained the sensitive information. The collective claims the stolen information is from a Singaporean security company, "that does much business (with) government." The hackers have stated they will leak details of thousands of people if the government does not "begin to show a sense of justice and fairness."
Syrian Electronic Army Hacks MarkMonitor, Close To Hacking Facebook
February 6, 2014 – Early this morning members of the pro-Syrian hacker group, Syrian Electronic Army (SEA), hacked the domain management brand MarkMonitor. One member of SEA confirmed that they were minutes away from changing the DNS details of Facebook; however, before the changes could be made, MarkMonitor disabled their portal. The group was nevertheless able to change the registrant information of Facebook to Damascus, Syria, and provided a screenshot of the change. MarkMonitor manages the domains of many of the world's biggest companies, such as Google, Yahoo!, Amazon and Facebook. The group has also provided a screenshot of the MarkMonitor administration panel. At the time of this writing the registrar data of Facebook appears to have been restored.
Comcast Targeted by NullCrew Hackers
February 6, 2014 – Hackers of the NullCrew group are claiming to have hacked into the systems of Comcast, a major telecom company, after exploiting a local file inclusion vulnerability in a mail server. The group has released a statement which reads, “Hello there beautiful people of the internet, once again; we here at NullCrew have some fun information for you. This time, our target is Comcast, yet another internet service provider who proclaims to be a secured one; shall we test these claims as well?” The hackers were first able to obtain a list of Comcast mail servers running Zimbra, an email server and web client software, before finding the local file inclusion flaw on the servers. By leveraging this vulnerability the group was able to gain access to usernames, passwords, and other sensitive information. Comcast has yet to make an official statement regarding the hack.
RedHack Plans Protest Against Turkey's New Internet Law
February 6, 2014 – Hackers of the RedHack hacking group are planning a protest after Turkey's parliament approved controversial changes to Turkey's Internet laws, which will allow authorities to block access to certain websites. RedHack, along with other hacktivists and activists, is preparing to protest against the new law, which they say limits freedom of speech. A RedHack representative has stated, “Education is a necessity and corruption sucks...This law is designed to suppress people more and silence them in order to stop them from criticizing the AKP government. This is fascism. If people don't react, their rights and freedoms will be stripped from them at all levels.” RedHack has also stated it intends to leak data stolen from the systems of Turkcell before the planned demonstrations. The demonstrations are scheduled to start February 8, 2014.
Monsanto And WWF Attacked By Anonymous As Part Of OpGreenRights
February 6, 2014 – As part of its ongoing Operation Green Rights effort, members of the Anonymous collective have attacked the websites of Monsanto Fund, the charity organization of Monsanto agricultural company, the Round Table on Responsible Soy (RTRS), and the Italian and Indonesian websites of the World Wildlife Fund (WWF). Members of the collective launched several distributed denial of service attacks, as well as dumping the database for the Round Table on Responsible Soy. Members of the Anonymous collective also launched several distributed denial of service attacks on the websites of Monsanto South Korea, as well as websites of Italian energy companies in December 2013. At the time of this writing no official statement has been made by any of the companies affected.
Report: US Government Easy Target For Hackers
February 5, 2014 – According to a recent report written by Senator Tom Coburn and other staff members at the Homeland Security and Governmental Affairs Committee, several government agencies are leaving themselves open to hacker attacks by neglecting to implement simple fixes to network problems. The report states that the United States has spent almost $65 billion since 2006 on securing computers and networks, but agencies "continue to leave themselves vulnerable, often by failing to take the most basic steps towards securing their systems and information." In response to the report, the White House admits there is still more work that needs to be done. Special Assistant to the President on cybersecurity policy, Michael Daniel, said, "Almost every agency faces a cybersecurity challenge. Some are farther along than others . . . It often depends on whether they've been in the crosshairs of a major cyber incident."
Anonymous Issues "Final" Warning For OpFunKill
February 5, 2014 – Members of the Anonymous collective have been attempting to raise awareness of animal abuse with Operation Fun Kill. They have issued a new video that says they have issued a final warning to their targets. The hacktivists say, "We have been researching, probing, scanning, and preparing to strike. Our targets have been warned and soon it will be time to act! We are Operation FunKill; a united collective of operations, hackers and activists who stand together against cruelty." Previously targeted websites have suffered distributed denial-of-service attacks.
RedHack Leaks Data From Vodafone
February 5, 2014 – Members of the RedHack hacking collective have leaked data from Vodafone. The data was stolen in RedHack's breach of their systems earlier this week. The leaked information includes names, dates of birth, phone numbers and voicemail delivery dates. The hackers posted a statement saying, "Vodafone has shown great interest in controlling the global internet and lobbies USA and EU to give them the biggest piece from the cake. But yet again they are unable to protect their own systems." Phone numbers and last names have been deleted "to protect the public." According to the hackers they have leaked this information to show that Vodafone is logging voicemails.
Pakistani Hackers Continue Attacks Against Indian Sites
February 5, 2014 – Several different Pakistani hacking groups have launched attacks against Indian banks and government websites. The Hackers Army is reporting that they have breached and defaced the website of India's State Bank of Patiala. Members of the Team Maximizers hacking group claim to have defaced several subdomains belonging to the State of Kerala. In addition, the Pakistan Haxors Crew is claiming to have hacked and defaced the West Bengal State Coastal Zone Management Authority and a portal of the Damodar Valley Corporation.
New Data Security And Breach Notification Act Introduced
February 4, 2014 – Senators Dianne Feinstein, John Rockefeller, Mark Pryor and Bill Nelson have introduced a new bill that will provide a federal standard for data security and breach notifications. If the bill passes, the Federal Trade Commission will create security standards for companies that store personal and financial information. If a company is breached, they will be required to notify authorities and affected customers. The key points of the bill include the FTC establishing security standards for databases, establishing notification requirements to allow people impacted by the breaches to take steps to protect themselves, creating a central entity for breached organizations to report incidents and creating incentives to increase the use of technology to combat cybercrime.
FBI Emails Hacked By Anonymous Slovenia
February 4, 2014 – A member of the Anonymous Slovenia collective known as Black-Shadow is claiming to have compromised the email accounts belonging to several FBI agents. The hacker posted server and DNS information along with email account user names and passwords. The hacker said that he was able to accomplish this with the help of other hacking groups such as AntiSec and LulzSec.
RedHack Breaches TTNet, Vodafone and TurkCell
February 4, 2014 – Members of the RedHack hacking collective are claiming to have hacked the systems of Turkish ISP TTNet, Vodafone and Turkish mobile company TurkCell. The hackers released a statement saying, "Customer data of ISP TTNET, mobile operator Vodafone and Turkcell infiltrated and vast amount of data collected from the systems." At this time the hackers have only leaked some data from TTNet. The information includes the membership details of Ministries, National Intelligence Agencies and the Security Directorate. The motivation for the attack is to show that no system is 100% secure. The hackers added, "In the coming days we'll continue with those exploiting the country. No public information will be shared. Our people can be at ease."
Pakistani Hackers Deface Indian Public Health Engineering Department
February 4, 2014 – Members of the Pakistan Haxors Crew hacking group have breached and defaced the website of West Bengal, India's Public Health Engineering Department. The defacement page reads, "Free Kashmir. Free Syria. Stop Spying On Us. Stop Killing Muslims. We Have All Your Data. Don't Try To Catch Us." The Pakistan Haxors Crew has targeted several Indian websites over the past two months.
Syrian Electronic Army Attacks PayPal and eBay
February 3, 2014 – The Syrian Electronic Army (SEA) has defaced the UK, France and India websites of PayPal and eBay. The sites were displaying a Syrian flag and a message saying, "Hacked by the Syrian Electronic Army. Long live Syria. F*** the United States government." Senior Director of Global Initiatives for PayPal, Anuj Nayar, has said that PayPal's systems have not been compromised. He stated, "For under 60 minutes, a very small subset of people visiting a few marketing web pages of Paypal France, UK and India websites were being redirected." SEA said that they had no intention of doing any damage to customers. They said, "Rest assured, this was purely a hacktivist operation, no user accounts or data were touched. If your PayPal account is down for a few minutes, think about Syrians who were denied online payments for more than 3 years." SEA is claiming to have accessed PayPal's MarkMonitor account. At the time of this writing all PayPal and eBay sites are restored and working properly.
Bell Canada Customer Data Compromised
February 3, 2014 – Members of the NullCrew hacking group have leaked information from over 22,000 Bell Canada customers. Bell Canada has confirmed the leaked data is valid, but they say their systems have not been hacked. The company is claiming that the data was stolen from a third-party supplier in Ottawa. Bell released a statement saying, "Bell's own network and IT systems were not impacted. The issue does not affect Bell residential, mobility or enterprise businesses." NullCrew members have said it is "quite laughable" that Bell Canada was not breached. The hackers say that they notified Bell Canada of the vulnerability two weeks ago.
Orange Hack Compromises 800,000 Customers
February 3, 2014 – Telecom company Orange has suffered a data breach of the "My Account" section of their website. Information for almost 800,000 customers was accessed during the hack. The information stolen includes names, mailing addresses, email addresses, phone numbers and other information. Once the attack was detected, Orange shut down the section of the website. Technical Director Laurent Benatar said that passwords were not accessed, but some partial financial information may have been stolen.
UK National Health Service Site Set Up To Serve Malware
February 3, 2014 – The United Kingdom's National Health Service (NHS) website has been breached and infected with malicious code that redirects people to malware sites. Researchers have determined that the number of infected pages is over 800. NHS representatives have issued a statement saying, "Apologies to anyone having trouble navigating our website - we are aware of the issue and currently working to resolve it."
Yahoo Email Accounts Compromised
January 31, 2014 – Yahoo has announced that "a number of Yahoo mail accounts" have been breached by hackers. According to Yahoo the hackers compromised a third-party database and then gained access to the email accounts. The name of the third-party was not revealed, and Yahoo did not say how many accounts were impacted. Yahoo is working with federal law enforcement to investigate the incident. In their official statement, Yahoo says that there is no evidence that the credentials were compromised directly from its servers.
California High School Students Caught Hacking Computers To Change Grades
January 31, 2014 – Eleven students from the Corona del Mar High School in Newport Beach, California, have been expelled for hacking into the school's computer system and changing their grades. Timothy Lance Lai, a 28-year-old tutor, is accused of teaching the students how to use a key logger. The students then connected the device to a teacher's computer and stole their login credentials. No official legal charges have been filed against the students or Lai.
Indian Paramilitary Website Hacked
January 31, 2014 – Members of the Pakistan Haxors Crew hacking group have hacked and defaced the website of Assam Rifles, one of India's paramilitary forces. In addition to posting the defacement page, the hackers posted another message saying, "We have what we want." At the time of this writing the defacement page is still being displayed.
Cambodian Government Sites Defaced For OpCambodiaFreedom
January 31, 2014 – Members of the Team Khmer-Shadow hacking group have defaced two Cambodian government websites as part of OpCambodiaFreedom. The operation is a protest against the local Cambodian government. The targeted websites were the Economic, Social and Cultural Council and the Siem Reap Provincial Hall. The home pages of both sites were defaced. The hackers said it is not their goal to "destroy the websites".
Target Hack Blamed On Vendor
January 30, 2014 – Target representatives have said that the hackers who stole information of more than 70 million customers had stolen credentials from a vendor, and used that information to access the company's system. The accused vendor has not been identified and it is still unclear how the hackers actually stole the information. Target has not identified which portals were used to access the breached payment systems. However, it is being reported that two portals, a supplier's database and a human resources website, have been shut down.
Nigerian Ministry Of Police Affairs Defaced
January 30, 2014 – Members of the Nigerian Cyber Army hacking group have hacked and defaced the website of Nigeria's Ministry of Police Affairs. The attack was a protest against the Nigerian government and police. The defacement message said, "Every offense should have a fair punishment. People have committed greater offenses and nothing was done to them. Police officers collecting bribes only confirms how corrupt our society has become."
Anonymous Portugal Leaks Documents From Parliament
January 30, 2014 – Members of the Anonymous Portugal collective have leaked 185 documents they claim were stolen from the Portugal Parliament's systems. Many of the documents were dated from several years ago, going back as far as 2004. Anonymous Portugal has also released a video where they say that 2013 was "the most shameful year that the Portuguese witnessed during nearly 40 years of democracy."
Vulnerability Leaves Wikipedia Open To Attacks
January 30, 2014 – Researchers have discovered that Wikipedia is vulnerable to remote code execution due to a flaw in MediaWiki, an open source wiki software. The vulnerability allows an attacker to execute shell code remotely through an incorrectly sanitized parameter on the MediaWiki application server. The latest version of MediaWiki has patched the vulnerability.
Angry Birds Website Defaced
January 29, 2014 – The official Angry Birds website was defaced for a short time early this morning. Vice President of Rovio Saara Bergstrom said in a statement, "The defacement was caught in minutes and corrected immediately. The end user data was in no risk at any point. Due to how the internet name resolution works, for most areas it was not visible at all, but some areas take time for the correct information to be updated." Security experts say that this was a DNS hijacking and that Rovio's systems were not breached. It appears that the attack came from Lithuania.
Cross-platform Java-Bot Launching DDoS Attacks
January 29, 2014 – Researchers have discovered a new cross-platform Java-Bot, which is infecting computers running Windows, Mac OS X and Linux that have the Java Runtime Environment installed. The Java-Bot is exploiting a known critical Java vulnerability that was patched in June. Once a computer is infected, the malware copies itself into the home directory and registers with the system startup programs. The malware is designed to launch distributed denial-of-service attacks from the infected computers.
ZCompany Hacking Crew Attacks Team Madleets
January 29, 2014 – Members of the ZCompany Hacking Crew (ZHC) are claiming to have breached two subdomains of the Team Madleets website. The Pakistani hacking group Team Madleets has breached several high-profile websites recently, and ZHC feels they have become "arrogant." The defacement pages contained a message from ZHC saying, "We are not against Madleets or any other team, but when we see someone tryna act like they ‘Own The Scene’ with much arrogance, starts praising and greeting Indians, insulting groups/people who hack for cause like us ‘The ZHC’ & starts yelling about not to hack Indians and they are our friends ? It’s surely something to react too!" Members of Madleets say that their servers have not been breached, saying that the breached servers are not theirs. According to Team Madleets the server was an old server that had expired and has since been purchased by someone else.
Indian Hackers Respond To Republic Day Attacks
January 29, 2014 – On January 26, Republic Day in India, several Pakistani hackers defaced over 2,000 Indian websites. In response, the Indian Cyber Rakshak hacking group has defaced 100 Pakistani sites, but it is believed that they will be continuing the attacks. Several of the sites are still defaced. The Pakistani groups behind the Republic Day attacks include Team Madleets, Maximizers and the KashmirCyberArmy.
Israel Defense Ministry Computer Hacked
January 28, 2014 – Hackers have broken into the computer systems of the Israeli Defense Ministry using malicious software, which was delivered via an email attachment. The email was made to look as if it was sent by the Shin Bet Israeli spy agency, thus fooling users into opening the email. Security researchers stated the hackers had temporary control of 15 computers in January. One of the targeted computers belongs to Israel's Civil Administration, which is responsible for monitoring Palestinians in Israeli-occupied territory. At the time of this writing the Israeli government is not providing a comment on the incident; however, they have stated that the hackers used a variant of the Xtreme RAT software to infect the computers.
Thai Police Website Hacked and Defaced
January 28, 2014 – The hacker known as Striker Rude of Maximizers Team has hacked the subdomain of the Thailand Police website. The hacker has also uploaded a defacement and a message that reads, "Owned By The Rude | Team MaXiMiZerS. Secure it Before i come again." This is the second attack carried out by Striker Rude, who earlier this week also targeted several high-profile sites from India, including the Central Bank of India and the State Bank of Patiala. The Maximizers Team was also the group responsible for attacking several government websites in Morocco and Bangladesh. At the time of this writing the website is still defaced.
Indian Railways Website Hacked
January 28, 2014 – Members of the Pakistan Haxors Crew have once again hacked the website of the Indian Railways. The group was able to upload a defacement page to the Executive Director Rail Movement (EDRM) section of the website. In early April 2013 another Pakistani hacker was able to deface the Indian Railways website in the same manner, and it remains to be seen if the Indian Railways administrators are aware of the vulnerability. At the time of this writing the defaced page is still active.
Chief Rabbinate of Israel Hacked
January 28, 2014 – Members of the Anonymous collective are reporting the Chief Rabbinate of Israel website has been hacked and defaced. The attack is part of the Operation Israel campaign, a coordinated cyber-attack by anti-Israel groups on Israeli cyberspace. It is unknown at the moment who is responsible for the attack on the website. At the time of this writing the website has been restored and is functioning properly.
Hasbro Website Hacked
January 27, 2014 – The website of American toy company, Hasbro, has been hacked by cybercriminals and is being used to distribute malware onto visitors' computers. Visitors of the website are redirected to a site serving a Java exploit. The malicious software has been found on numerous occasions on the site. Research experts have also stated that normal antivirus programs are not capable of detecting the threat, and advise users to avoid visiting the Hasbro website.
Documents Stolen From Microsoft During Email Hack
January 27, 2014 – Microsoft has issued a statement saying that documents "associated with law enforcement inquiries" have been stolen. The announcement comes just a few days after the Syrian Electronic Army (SEA) hacked Microsoft emails and social media accounts. Microsoft has confirmed that SEA did hack employee email accounts. Microsoft also stated, "We have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen." At this time SEA has only leaked internal email conversations.
Nigerian Ministry of Police Affairs Website Hacked
January 27, 2014 – Members of the Nigerian Cyber Army are claiming to have hacked and defaced the official website of the Ministry of Police Affairs of Nigeria. In a message posted on the defaced page, the hackers blame police officials and the government for being corrupt and allowing corruption to continue in the country. The hackers write, "Every offense should have a fair punishment. People have committed greater offenses and nothing was done to them. Police officers collecting bribes only confirms how corrupt our society has become. It is also a sign of a failed government." The website is currently offline.
Colombian Hospital Website Defaced By Moroccan Hackers
January 27, 2014 – The Moroccan Islamic Union-Mail have hacked and defaced the official website of Our Lady of Las Mercedes Hospital, which is operated by the government of Colombia. The hackers left a message which reads, "We do not want muscle-flexing. Just want to get our message across the world to discover the truth…" In addition to the message the hackers also added a video to the defaced website depicting the life of the Prophet Muhammed as written in the Bible. At the time of this writing the website is still defaced.
Pakistani Hackers Target Websites Of Indian Celebrities
January 27, 2014 – Hacker Haxor 99 of the MadLeets hacking team has hacked and defaced the websites of Indian celebrities Poonam Pandey and Daler Mehndi. The website of Pandey, who is a famous Indian model and actress, has been defaced with a message that reads, "Your site security is compromised. Nothing Delete(d) or Harmed. Rise a Voice for Justice of Kashimr. Patch Your Site." The other victim, Daler Mehndi, an Indian musician, songwriter and author, has the same pro-Pakistan message posted to his website. At the time of this writing both websites are still defaced.
CNN Accounts Hacked By Syrian Electronic Army
January 24, 2014 – The Syrian Electronic Army (SEA) has hacked several blogs and Twitter handles belonging to CNN. The group has stated the motive behind these attacks is that CNN is “reporting lies aimed at prolonging the suffering in Syria. CNN used its usual formula of presenting unverifiable information as truth, adopting a report by Qataris against Syria. Instead of any actual journalism, CNN turned into a loud horn calling for the destruction of Syria.” The group also added, “US media strategy is to hide the fact that the CIA controls and funds Al Qaeda by blaming Syria instead for their terror. The SEA will not stop pursuing liars and will expose them and their methods for the world to see.” On the hacked accounts SEA has posted fake news articles as well as a message which reads, “Syrian Electronic Army was here.” The impacted CNN blogs are Security Clearance, The Lead, Political Ticker, Crossfire and The Situation Room. CNN has removed all fake posts made by SEA and has stated, “Some of our organization's social media accounts were compromised. We have secured those accounts and deleted unauthorized tweets.”
Anonymous Announces New Campaign: OpAreva
January 24, 2014 – The Anonymous global hacker collective has released a new video outlining a new campaign dubbed OpAreva. Anonymous has targeted Areva, a French public multinational industrial conglomerate specializing in mining and energy. Members of the collective have stated they are unhappy with the large amounts of money the company makes through its operations in countries such as Niger, Gabon, Kazakhstan and the Central African Republic, while doing very little to help the people of these countries. The hacker collective has urged journalists to investigate Areva's activities and expose the company's wrongdoings. The group has not outlined the types of attacks they will be launching against Areva in the coming weeks.
Neiman Marcus Provides Details Of Data Breach
January 24, 2014 – Representatives of Neiman Marcus are reporting that information for some 1.1 million credit and debit cards was obtained by cyber criminals in the data breach which occurred earlier this month. In a statement posted on its website, Neiman Marcus said that the malware had been “clandestinely” put into its system and had stolen payment data off cards used from July 16 to October 30. MasterCard, Visa and Discover have all reported to the company that about 2,400 cards used at Neiman Marcus and its Last Call outlet stores have since been used fraudulently. Like Target, Neiman Marcus will be offering those impacted a free one-year credit monitoring service.
Indian Authorities Launch International Operation Against Cybercriminals
January 24, 2014 – Last December representatives of the Indian and American police set up a new cybercrime portal which would enable the two groups to cooperate more efficiently with one another on investigations. Now this new portal has led to the arrest of one individual as part of an international law enforcement operation targeting cybercriminals. India's Central Bureau of Investigation (CBI) has searched several locations in Pune, Mumbai, and Ghaziabad after receiving information on suspects from the U.S. Federal Bureau of Investigation (FBI). In addition to the U.S., law enforcement agencies from Romania and China are also said to be involved in the international operation. No details have been provided regarding the targeted cybercriminals as the investigation is still ongoing.
Snapchat's CAPTCHA System Hacked
January 23, 2014 – Security experts are reporting that they have successfully hacked the CAPTCHA system on Snapchat's website. The newly introduced system is designed to prevent bots from registering accounts. Soon after Snapchat announced the new system, a security expert was able to write code that hacked the system. Other researchers have since announced that they too have hacked the system. Snapchat recently suffered a data leak and had promised to focus more on security.
Brazilian City Website Hacked
16 Million Accounts From Germany Compromised By Hackers
January 23, 2014 – Germany's Federal Office for Security in Information Technology (BSI) has confirmed a recent data breach, which affects more than 16 million accounts from Germany. BSI was made aware of the breach by law enforcement and research institutions which were analyzing botnets and malware. In addition to the emails, social media accounts and shopping portal accounts being compromised, hackers were also able to infect users with malware. Tim Griese, a spokesman for BSI, confirmed that about half the accounts have the .de domain name, indicating German-based accounts. BSI has set up a website where users can check if their accounts have been compromised and has asked infected users to run an antivirus program to remove any malware.
Armenian Government Ministries' Websites Hacked
January 23, 2014 – Members of the Anti-Armenia Team hacking group have breached and defaced sixty-four Armenian government ministries' websites. The defacement pages included a video with an anti-Armenia message. The targeted websites include the Ministry of Education, Artsakh State University, Youth For Achievements Educational NGO and the Football Federation of Armenia. The hackers are from Azerbaijan, which is currently involved in a conflict with Armenia. At the time of this writing all of the sites have been restored and are operating normally.
Authorities Arrest Man Alleged To Be Hacker Guccifer
January 22, 2014 – The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) is claiming to have arrested the man alleged to be the notorious hacker Guccifer. Romanian authorities have arrested 40-year-old Marcel Lazar Lehel of Arad county and have searched his home for evidence. Authorities suspect that Lehel "accessed, without authorization, and bypassed security measures to obtain email accounts belonging to public figures from Romania, with the purpose of obtaining confidential information found in their electronic mailboxes." Guccifer has previously hacked several US government officials and celebrities. DIICOT representatives have stated that the law enforcement organization is working with US authorities on the case.
Syrian Electronic Army Targets Microsoft Again
January 22, 2014 – Last week, after breaching Microsoft's corporate email and leaking employee information online, the Syrian Electronic Army (SEA) stated that this would not be the last attack on Microsoft. The SEA has kept its word and has now hacked the official Microsoft Office blog. Members of the hacker collective were able to access the WordPress panel of the official blog and posted an article titled, "Hacked by the Syrian Electronic Army." This is the fourth time SEA members have targeted Microsoft; earlier this month the collective also hacked the official Twitter and Skype accounts of Microsoft, as well as the Microsoft XBOX Twitter and Instagram accounts. SEA posted a message to Microsoft after this latest attack: "Dear Microsoft, changing the CMS will not help you if your employees are hacked and they don't know about it." Microsoft has not yet made an official statement on this latest attack by SEA.
Cambodia's Royal Gendarmerie Website Hacked
January 22, 2014 – Members of the Team Khmer-Shadow collective have hacked and defaced several domains of Cambodia's Royal Gendarmerie. The group has also hacked the site of Cambodia's Development Program, and a local news website. Team Khmer-Shadow has stated Cambodian websites were targeted as part of its "pentesting" program. The hacking occurred shortly after 11 political activists were arrested by police for protesting outside the US Embassy in Phnom Penh, Cambodia's capital city. Members of Anonymous Cambodia have clarified that Team Khmer-Shadow is a "friend".
Islamic Cyber Resistance Hacks Official Perl Blog
January 22, 2014 – The official blog of Perl has been breached and defaced by members of the Islamic Cyber Resistance. Perl is a family of high-level, general-purpose, interpreted, dynamic programming languages created by Larry Wall. In addition to defacing the blog, the group has also leaked the credentials of 3,000 users. The information is said to contain user names, email addresses, account passwords, and other data. The hackers have stated the attack on the blog is in support of the Syrian people, as well as the Syrian Electronic Army.
Anonymous Provides Update And Announces New Operation
January 21, 2014 – Members of the Anonymous hacking collective have announced a new operation dubbed "OpPhDPounds", which will target government-supported academic institutions. The new campaign is aimed at institutions that are employing PhD students to conduct research on Anonymous. The types of attacks that will be carried out are unclear at this time. The global collective has also released a video declaring the start of Phase 2 of Operation Killing Bay, warning Japan that if it does not end the slaughter of dolphins in Taiji, they will target government officials, businesses, and media outlets.
Officers Involved In Kelly Thomas Case Targeted By Anonymous
January 21, 2014 – Following the acquittal of two Fullerton, California police officers who beat a homeless man to death in 2011, Anonymous has released the personal details of the officers involved. The hackers also leaked the personal details of the officers' family members. The leaked data includes addresses, phone numbers, social media accounts and birth dates. Other hackers have stated this is not the end of their operation against the Fullerton Police Department.
Ubuntu Domains Hacked By Indonesian Hacker
January 21, 2014 – Hacker SultanHaikal of the Gantengers Crew hacking group has hijacked 6 domains belonging to Ubuntu One. Ubuntu is a Debian-based Linux operating system based on free and open source software. The hacker has added a defacement page to each of the 6 domains that have been hacked, and left the message, "You say that you are a hacker, Defacer, but you are proud? it turns out that you are proud, you are a newbie." It is unclear who this message is directed towards, and at the time of writing the defacement pages are still active.
Monsanto Korea Website Hacked By Anonymous
January 21, 2014 – Members of the Anonymous hacking collective have hacked and defaced the website of Monsanto South Korea as part of the ongoing Operation Green Rights. Monsanto is a multinational chemical and agricultural biotechnology company, and is the leading producer of genetically engineered seed. Anonymous hackers stated, "Monsanto: Anonymous thinks you're responsible, in front of mankind, for genocide, environmental disaster, and mass contamination." The hackers were able to deface a page from the "news releases" section of the website, as well as leaking some of its database information online. This past weekend the hackers of Operation Green Rights also launched several distributed denial-of-service attacks against a number of websites belonging to Monsanto.
Personal Information Of Puerto Rican Doctors Stolen
January 20, 2014 – Eduardo Ibarra, President of The Puerto Rican College of Physicians and Surgeons, has revealed that the personal details of thousands of licensed medical doctors in Puerto Rico have been stolen by cybercriminals. The hacking was discovered when medical doctors began receiving harassing emails. It is uncertain what type of information has been compromised; however, reports suggest that close to 10,000 physicians could be impacted. The FBI and the Puerto Rico Justice Department are investigating the incident.
Massive Data Leak Of 20 Million South Koreans
January 20, 2014 – The information and personal data of at least 20 million bank and credit card users in South Korea has been leaked. In a statement made by the Financial Supervisory Service (FSS), "the stolen data includes the customers' names, social security numbers, phone numbers, credit card numbers and expiration dates." Reports suggest that an employee from personal credit ratings firm Korea Credit Bureau has been arrested and accused of stealing the data from customers of three credit card firms while working as a temporary consultant. The data was then sold by the employee to phone marketing companies, whose managers were also arrested.
Linode Suffers Data Breach
January 20, 2014 – Christopher Aker, founder and CEO of Linode, a web hosting and cloud computing company, has stated the company has suffered a second data breach in less than a year. The compromised server plays no role in the infrastructure of Linode, unlike the server attacked in April 2013. The attackers managed to gain access to the database stored on the old server by using forum credentials used in the April 2013 attack. One report suggests that a user with the moniker n0tryan, has posted the credentials for a Linode server online. The database leak is said to include some invalid credit card numbers, user names, email addresses and encrypted passwords, and appears to be for the phpBB forum. Cybercriminals also made a false report and had the offices of Linode evacuated and searched by Galloway Police Department's SWAT team.
LeakSec Releases Data As Part Of OpFunKill
January 20, 2014 – Hacking group LeakSec has stated they have attacked the monthly newsletter for hunters, The Hunting Report. The group has gained access to its database and has provided a portion of its information as a “sneak peek” as part of the OpFunKill campaign. In a press release by Anonymous, OpFunKill was “created to hunt and expose hunters. We are opposed to trophy hunting, and any form of hunting for entertainment...OpFunKill has been engaged to attack and expose animal abusers.” At the time of this writing the details of the full leak have not been provided by LeakSec.
Alleged Stolen Data Leaked From DHS Fusion Centers
January 17, 2014 – Several systems of the U.S. Department of Homeland Security (DHS) Intelligence Fusion Centers have been breached by hackers of TeamBeserk. The group has leaked 60MB of documents from the systems. TeamBeserk has stated they are publishing a "selection of documents" that proves there are "real threats out there against all Americans and the United States. The security of our Nation needs to be inspected and made better without hurting the rights of Americans." The hacker group has not revealed which Intelligence Fusion Centers were targeted; however, they have stated they first breached the California Intelligence Fusion Center, before gaining access to other centers in the Midwest.
Anonymous Announces Operation Walmart
January 17, 2014 – The Anonymous global hacker collective has released a new video outlining a new operation planned for Black Friday 2014 and 2015. The new operation is dubbed Operation Walmart and is in response to Walmart Corporation's claims they are unable to pay its workers a living wage. Anonymous states, "In the spirit of solidarity with our fellow activists and the working poor, Anonymous is prepared to use the full might of the collective in defense of the working class, until Walmart is willing to give its workers fair pay for fair work. We demand that the Walmart Corporation change its labor practices, so that all full time workers get minimum pay of eleven dollars an hour and basic health benefits." The collective has provided a list of Walmart locations for protest with the ultimate goal of blocking the entrance of Walmart locations in order to disrupt Walmart's profits.
Pakistani Hackers Deface 1400+ Indian Websites
January 17, 2014 – Pakistani hacker group Team MaXiMiZerS has hacked and defaced 1,448 Indian websites. The hacked websites were left defaced with a short message over the Kashmir issue. Kashmir is a former princely state which is now a disputed territory, now administered by three countries: India, Pakistan, and the People's Republic of China. At the time of this writing many of the websites have been taken offline, while some are still active and defaced.
RedHack Disrupts Website Of Turkish Central Bank
January 17, 2014 – Members of the RedHack hacking group have disrupted the official website of the Central Bank of Turkey. The distributed denial-of-service attacks were launched against the financial institution to protest the Central Bank allowing the Turkish Lira to lose its value against foreign currency. At the time of this writing the website is back online and operational.
Microsoft's Corporate Email Breached By Syrian Electronic Army
January 16, 2014 – The Syrian Electronic Army (SEA) has targeted Microsoft for a third time, this time hacking corporate email accounts belonging to employees. Microsoft confirmed the breach in a statement stating the cyber attack was carried out using a phishing campaign and resulted in a small number of Microsoft employee social media and email accounts being impacted. According to a Microsoft spokesperson, "These accounts were reset and no customer information was compromised." It is not immediately clear how many accounts were targeted during the recent attacks, or how much data SEA was able to obtain. A SEA representative says that the attacks were designed to be a distraction, indicating there could be further compromises in the future. Moments after defacing several Saudi Arabian government websites, the group posted a message stating, "We didn't finish our attack on Microsoft yet, stay tuned for more!"
Syrian Electronic Army Hacks Saudi Government Websites
January 16, 2014 – Pro-Syrian hacker collective, Syrian Electronic Army, has hacked several websites belonging to the Saudi Arabia government. The attacks were conducted in an attempt to expose the alleged terrorism being done by the Saudi government. In total, SEA hackers were able to successfully hack and deface 16 websites. A majority of the websites defaced by the hackers belonged to various Principalities across Saudi Arabia.
Cyber Attack On Israel Announced For April
January 16, 2014 – Hacker collective AnonGhost has announced the launch of a new attack on Israeli cyberspace planned for April 7, 2014. The new attack is dubbed Operation Israel Birthday and is in support of Palestine, while also celebrating the OpUSA, OpPetrol, and OpIsrael of 2013.
Public Safety Communication Agency Hacked
January 16, 2014 – It is being reported that in mid-December 2013, the North East King County Regional Public Safety Communication Agency (NORCOM) systems were compromised. Hackers were able to obtain information such as social security numbers, dates of birth, medical response records and email addresses. NORCOM is a Washington based company which provides 911-type emergency service communications for emergency fire, police and medical service agencies. The server which was targeted contains detailed information of around 6,000 individuals. NORCOM has clarified that the compromised server has been taken offline and is advising those affected to place a fraud alert with all three major credit service bureaus.
Italian Weather Website Hacked
Syrian Electronic Army Website Hacked By Turkish Group
January 15, 2014 – Turkish hacker group Turkguvenligi has defaced and leaked the subdomain of a website belonging to the Syrian Electronic Army (SEA). The hackers were able to compromise the website through its hosting provider. The attack comes in response to SEA's recent attacks against Turkey. The hackers stated, "You imbeciles will attack our country with fake phishing emails and we'll accept your lies and not do anything? That is the end you deserved: 'And never think Allah is unaware of what the wrongdoers do. He only delays them for a Day when eyes will stare.'" SEA has responded to Turkguvenligi by stating they are unfazed by the attacks.
Hackers Claim To Have Leaked Apple Database
January 15, 2014 – Two hacker groups, European Cyber Army and 1775Sec, are claiming to have breached and leaked information from Apple. They originally leaked data two days ago with a message saying, "We repeatedly warned you Apple, Inc. . . . You thought because we faked some Drop Box leaks, that we actually didn't hack you? You made a foolish move Apple! We are the 1775Sec and the European Cyber Army!" There was no response to this leak, so now the hackers leaked more information from the database. They say they are leaking data for the "lulz" and to send a message.
Anonymous Re-Launches Operation Fullerton
January 15, 2014 – Members of the Anonymous hacking collective have announced the re-launch of Operation Fullerton after two police officers were found not guilty of beating a homeless man with schizophrenia to death. The collective has called on supporters to occupy and protest at police stations throughout Fullerton, California. The group has provided addresses of local precincts.
Hackers Expose Wrongdoings Of Turkish Mayor
January 15, 2014 – Members of the RedHack hacking group have breached the systems of the General Directorate of EGO, an organization which serves as the public transport department for the municipality of Ankara, Turkey. Hackers say that they discovered that employees of the public transport department are registering fake Twitter accounts to "hike follower numbers and spread misinformation about the public demand for justice." The hackers have provided screenshots indicating they have access to the email addresses, user names and passwords of department employees.
LeakSec Breaches Database Of Promat Romania
January 15, 2014 – Hacker group LeakSec has claimed to have breached the database of Romanian fire protection systems supplier Promat Romania. The hackers have released the stolen information to the Internet. The leak is part of Operation Down With Romania, which is protesting the killing of stray dogs as well as the negligence and corruption within the government. LeakSec members stated in a message to the Romanian government, "You disgust us. You shall reap what you sow, your servers shall fall to the teeth and claws of our KRAKEN and your data will be leaked, published, and lost."
Sentencing Postponed For Fifth Time For LulzSec Member
January 14, 2014 – The sentencing of former LulzSec member-turned-FBI-informant Hector Xavier Monsegur, better known as Sabu, has been postponed for a fifth time for unknown reasons. Monsegur's cooperation with the FBI led to the arrests of several high ranking LulzSec members, including Jeremy Hammond, the hacktivist who took part in leaking the internal emails of Stratfor employees and its clients. Hammond was sentenced to a maximum of ten years in prison on November 15, 2013. The delay of the sentencing of Monsegur was confirmed by the office of the presiding Judge Loretta Preska.
Yemen Embassy's Emails, Passports Compromised
January 14, 2014 – Members of the AnonSec hacking group have compromised 1,565 emails and passports of the Yemen Embassy. The leak contains the emails, names, passport numbers, dates of birth, gender information, place of birth and phone numbers of individuals impacted. The same group was responsible for leaking 11,000 email accounts and defacing 250 websites two weeks ago as part of a New Year Event. No explanation has been given as to what the motive was for the attack.
Anonymous Targets Website Of Granada Archbishop
January 14, 2014 – Members of the Anonymous hacker collective have breached and defaced the official website of the Archbishop of Granada, Spain. The website has been littered with various satirical messages and adult images. This latest attack is part of the Operation Opus Dei campaign which was launched in mid-December 2013. At the time of this writing the website is operational, however it is unknown if the vulnerabilities exploited by the hackers have been fixed.
Official Blog And Twitter Of Microsoft Hacked By Syrian Electronic Army
January 13, 2014 – Members of the Syrian Electronic Army have breached Microsoft's Official Blog as well as the Twitter handles of MSFTNews and Xbox. This new attack comes a week and a half after the group targeted Microsoft's Skype social media properties on New Year's Day. Members of the group left several messages, including repeating their claim that Microsoft is selling user data from its email services to the U.S. Government. Microsoft has released a statement saying they are aware of the targeted cyberattack, and that the accounts were quickly reset. Microsoft has also confirmed no customer information was compromised in this latest attack.
Payment Card Data Stolen From Systems Of Neiman Marcus
January 13, 2014 – Representatives of Neiman Marcus, a retailer which specializes in luxury goods, have confirmed that their systems have been breached by cybercriminals. As a result of the breach, customer payment data information has been compromised. Neiman Marcus first learned of the breach in mid-December after their credit card processor informed them. The company has stated it is not sure how the cybercriminals gained access to the payment card information or for how long they had access to their systems. At the moment there is no evidence suggesting that individuals who made purchases on Neiman Marcus' website are impacted. The company issued a statement saying, "We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading intelligence and risk management firm, and a leading forensics firm to investigate the situation."
MIT Subdomain Hacked By Anonymous
January 13, 2014 – Members of the Anonymous collective have defaced the MIT subdomain for the Cogeneration Project (cogen.mit.edu). The MIT subdomain was defaced by hackers to mark the one year anniversary of Aaron Swartz's death. Swartz committed suicide shortly after being charged by MIT Police for thirteen counts of felony after systematically downloading academic journals from JSTOR. The attack is part of Operation Last Resort, the campaign initiated in retaliation of the suicide shortly after Swartz's death on January 11, 2013. Anonymous has directed visitors who land on MIT's Cogen site to the website of "The Day We Fight Back," a protest against mass surveillance planned for February 11, 2014.
RedHack And Anonymous Issue Message To Turkish Government
January 13, 2014 – Members of RedHack and Anonymous have sent a second video message to the Turkish government urging the country to bring an end to censorship. In a video made available to the public, the hacktivists are demanding the Turkish government not only end censorship in Turkey, but also the use of violence during peaceful protests. The video message was released shortly after Turkish prosecutors charged 36 people with acts of terrorism after participating in the Gezi protests. The hacktivists state, "We suffered from the mainstream media blackout about what is really happening in Turkey. This is a peaceful popular revolt. It is a movement that spans all levels and sectors of society. This is a movement that requires only freedom, justice, and democracy."
Argentina's National Rehabilitation Service And Other Government Sites Hacked
January 10, 2014 – The Syrian hacker known as Dr.SHA6H has targeted various government websites from Argentina. The motivation for the attacks is to convince the US and other countries to intervene in Syria. The latest targets include the National Rehabilitation Service (snr.gov.ar) website, and various subdomains of the official website of Argentina's Catamarca Province (catamarca.gov.ar). At the time of this writing most of the sites remain defaced, with the website of the National Rehabilitation Service being taken offline. In addition to the Argentinian government websites, Dr.SHA6H has also published his message on the front page of the Mongolian Agency for Standardization and Meteorology's website.
Arrest Warrants Suggest More FBI Moles In LulzSec
January 10, 2014 – Members of the Anonymous collective have leaked FBI search warrants indicating that Hector “Sabu” Monsegur was not the only hacker-turned-FBI informant responsible for bringing down the LulzSec group of international hackers. The new leak indicates two unnamed LulzSec members were arrested on June 29, 2011 and turned informants, specifically giving up information on core LulzSec members. Documents do not reveal the identity of the second informant; however, LulzSec members have accused M_nerva of cooperating with authorities, alleging that he provided information that led to the arrest of a British LulzSec member in June of 2011. Anonymous has also leaked nine other warrants, one of which dates back to the same day Monsegur was arrested. As a result of Monsegur's cooperation numerous senior-level officials and the remaining top-ranking members of the LulzSec group were arrested or hit with additional charges Tuesday morning.
Website of Peruvian Congressman Hacked by Argentinian Group
January 10, 2014 – The Team Hack Argentino hacking group is claiming to have breached and defaced the official website of Peruvian Congressman Jamie Delgado (jamiedelgado.pe). The hackers haven't defaced the website's main page, instead they've added an HTML to the page. The Congressman has yet to make any official statement regarding the incident, however the website has been taken down by its administrators. The hackers have also defaced several other sites from Peru, including the subdomain used by the police of the San Jamie municipality, which is currently offline. Team Hack Argentino has also revealed they will be “targeting Mexicans tomorrow.”
1775Sec Breaches Ford As Part Of OpTrollSec
January 10, 2014 – The hacking group 1775Sec is claiming to have breached and leaked a database from Ford Motor Company. The leak contains user names, phone numbers, emails and car types from Ford. The leak is part of the group's OpTrollSec campaign, which aims to leak data and disrupt various websites. As part of the campaign, 1775Sec has also launched distributed denial-of-service attacks on websites of nko.navy.mil and infinity.disney.com. At the time of this writing 1775Sec has stated they will be targeting various websites over the next few days as part of OpTrollSec. The website of infinity.disney.com is back online and functioning properly.
Islamic Cyber Resistance Group Hacks Systems Of Israel Airports Authority
January 9, 2014 – Hackers of the Islamic Cyber Resistance Group are claiming to have breached the computer systems of the Israel Airports Authority (iaa.gov.il), the group responsible for the management of the country's civil airports and land-to-land border terminals. The hackers have said they gained access to the organization's internal networks and stole sensitive files, including information on domestic and international flights, details on management and flight routing software, weather condition maps and flight briefs used by the control towers and pilots. The attack is part of a campaign dubbed OpIsrael, and the hackers claim they could have caused service disruptions but haven't, “due to humanitarian considerations.” They have however wiped the data found on the compromised server, which they claim they've had access to for months. In a statement published by the hackers the attack on Israel was because, “[As] the world knows, killing women, children and innocent people is a profession exclusive to Israel and its neophytes, and we, as ordered by Islam, do condemn such moves and, thus, find it sufficient to release sensitive information to prove that we have had the access to the servers and downed the website.” At the time of this writing the Israel Airports Authority has yet to issue an official statement.
Malware Steals Data From Computer At Japanese Power Plant
January 9, 2014 – On January 2nd researchers identified a piece of malware on a computer in the reactor control room at the Monju nuclear power plant in Japan. The malware is said to have stolen private information from the infected machine. It appears that one of the facility's employees wanted to update a video playback program, which turned out to be malware. The computer which was infected is used by employees to file paperwork and the damage caused by the malware is limited. However, the cybercriminals controlling the malware could have accessed sensitive documents, including emails, training records and employee data sheets. The infected device was accessed more than 30 times during a five-day period after the worker performed the video software update and it is being reported that over 42,000 documents were stored on the device. Researchers have stated that the malware is apparently communicating with a server in South Korea possibly identifying the location of the attacker.
Scam Emails Distribute Malware That Steals Bitcoins
January 9, 2014 – Bitcoin users are reporting that they have received suspicious emails that are designed to steal their Bitcoins. Security researchers say the attack begins with an email that carries the subject line “Wallet Backup”. The email message asks users to visit a link which is attached to the email to redeem 30 BTC; however, the link points to a website that is set up to serve an archive named “backup.zip”. When the file is executed a Notepad document containing a password is opened while a malicious executable is launched in the background. The malware then waits for the victim to open their Bitcoin Wallet using the Bitcoin-Qt software and begins stealing the Bitcoins. It has been determined that the URL in the email was clicked by at least 1,674 people, with most of the victims located in the United States.
The Straight Dope Forum Hacked, User Passwords Stolen
January 9, 2014 – Popular online question and answer newspaper column, The Straight Dope, is advising users of its forum to change their passwords because the information may have been compromised in a recent attack on the bulletin board. The company has posted a notice on its forum but has provided very few details. The breach was discovered by the Straight Dope security team, but they have not revealed when and how long the attackers had access to their systems. The information compromised includes usernames, email addresses and passwords. The Straight Dope has stated that it is working with law enforcement as well as conducting an internal investigation to resolve the issue.
AnonSec Claims Release Of US Government Server Files
January 8, 2014 – Hacking group AnonSec is claiming to have accessed the File Transfer Protocol Server belonging to nine US government websites. The group has provided a list of the targeted websites which include the US National Institute of Health, US Securities and Exchange Commission, and the US Department of Agriculture. At the time of this writing the motive for the attack is not known; however, AnonSec has stated they will continue releasing sensitive information.
T-Mobile Customer Data Hacked
January 8, 2014 – A T-Mobile supplier had a server hacked that contained names, addresses, social security numbers and driver's license numbers. The breach was discovered by T-Mobile in November 2013, and the company believes that the cybercriminals were after customer credit card numbers, which were not found in the compromised files. Affected individuals are being offered free identity protection services for one year. The supplier whose systems were breached says they have taken measures to ensure that such incidents are avoided in the future. The exact number of impacted individuals has not been disclosed, however the incident has been reported to the California Attorney General indicating that at least some of the victims are from the state of California.
OpFunKill Continues With Attack On Namibian Government Portal
January 8, 2014 – Yesterday we reported on OpFunKill, the Anonymous led campaign protesting the killing of animals; now the hacker collective has taken action against Namibian government websites and sites related to hunting. The hackers issued a statement in response to the Dallas Safari Club's auction of killing a rhino, saying, “The trophy hunting of vulnerable and/or endangered species in Africa has to stop. For years, this unethical sport and tourism has hidden behind the ridiculous South African laws that allow it.” The collective was able to disrupt Namibia's main government portal, gov.na; however, the website currently appears to be working properly. Hackers were also able to breach the systems of The Namibian, an independent newspaper, claiming to have stolen sensitive information from the newspaper's database. Namibia's Deputy Minister of Environment and Tourism, Phamba Shifeta, says that the government has no plans of abandoning the auction because it could generate a lot of money for conservation initiatives.
DailyMotion Serving Malvertisement To Unsuspecting Users
January 8, 2014 – Security researchers are warning users of popular video sharing website DailyMotion of fake antiviruses being served through malicious ads. According to researchers, users who visit the website are served fake antivirus ads which falsely inform victims of malware infections and ask them to register the product in order to remove the Trojans, Downloaders, Backdoors, and Rootkits. The threat was discovered by researchers on January 7th, and at the time of this writing it is uncertain if the website has been cleaned up. Users are advised to avoid visiting the website until a statement is released from DailyMotion.
Guccifer Returns With More High Profile Attacks
January 7, 2014 – The hacker known as Guccifer is claiming to have hijacked online accounts of several high-profile individuals. In the past, Guccifer has compromised the accounts of several celebrities and government officials, including members of the Bush family. The most recent victims include the CEO of MetLife, Steven Kandarian; former Air Force Secretary, George Roche; head of the Romanian Intelligence Service, George-Cristian Maior; author Kitty Kelley; DHS official Laura Manning Johnson; actress Mariel Hemingway; fitness instructor Denis Austin; members of the Council on Foreign Relations; members of the UK's House of Lords; and comedian Steve Martin. Guccifer did not reveal details about how he managed to breach these accounts. He claims to have stolen bank statements, payment card data, financial documents, personal photographs, phone records and correspondence. All of this information has allegedly been given to an unnamed reporter. The hacker says he has intercepted communications between his victims and the authorities. However, he said, “I am not concerned.”
Amateur Poker League Admits To Being Hacked
January 7, 2014 – Last week hacker smitt3nz leaked the email addresses and clear text passwords of more than 175,000 World Poker Tour Amateur Poker League users, including some US government workers. Officials of the World Poker Tour are downplaying the impact of the attack with CEO Kurt McPhail stating that the information stolen is, "pretty much worthless." According to McPhail around 50,000 of the leaked accounts are still active. Some of the leaked email addresses appear to belong to employees of the US government, including the Centers for Disease Control and Prevention, the Department of Health and Human Services, US Courts, the US Federal Bureau of Prisons, the House of Representatives, the Department of Energy, and the Department of Labor. Impacted users are being notified and the vulnerabilities exploited by the hacker are being patched.
Payment Card Data Compromised In Sandwich Company Breach
January 7, 2014 – The computer systems of sandwich chain 'wichcraft have been breached and payment card data has been stolen. Payment card details of customers who made purchases between August 11 and October 2, 2013 at locations in San Francisco and New York may have been compromised. The information accessed by the cybercriminals included names, payment card numbers, expiration dates and security codes. 'wichcraft is notifying affected customers and working with law enforcement agencies and credit card issuers in investigating the incident.
Anonymous Threatens Government of Namibia
January 7, 2014 – Anonymous-affiliated hacking group Team Defiant is threatening the government of Namibia after it allowed the US-based Dallas Safari Club to auction the chance to kill a black rhino from the country's Mangetti National Park. At this time there has been no action taken against the government. The attacks to date include the defacement of the America Made Outdoors website, a major supplier of hunting, fishing, and camping gear, and the website of Just Holidays, a Namibian travel company. The hacktivists are referring to the campaign as OpFunKill.
2.5 Million European Yahoo! Users Hacked And Possibly Infected With Malware
January 6, 2014 – Millions of Yahoo.com users from Europe may have had their computers infected with malware served via malicious advertisements. The attack was discovered on December 30, 2013. Cybercriminals compromised ads.yahoo.com with malicious iframes which redirected users to domains hosting the Magnitude exploit kit. Users do not have to click on the ads in order to have their devices infected with malware. The exploit kit leverages Java vulnerabilities to push various pieces of malware, including ZeuS, Andromeda, Dorkbot, Tinba and Necurs. Yahoo has stated that only users from Europe are impacted, with the most infections in Romania, the UK and France. Yahoo has cleaned the infection, however, as many as 2.5 million users may have been impacted.
Financial Data Of Over 93,000 StaySure Customers Stolen
January 6, 2014 – British travel insurance company StaySure has suffered a data breach. According to a statement from the company, hackers broke into its server in the second half of October 2013, however, the breach was not detected until mid-November. In a notice published on its website, StaySure has revealed that the attackers have stolen names, addresses, encrypted payment card details, and CVVs of customers who had purchased insurance before May 2012. According to StaySure around 93,000 people may have been impacted. The company is sending out notification letters to affected individuals and is confident that the vulnerabilities exploited by the cybercriminals have been patched.
24 Mexican Government Websites Hacked
January 6, 2014 – Members of the Anonymous collective have breached and defaced websites hosted on the Mexican government domain. The sites targeted are from the cities of Angangueo, Villa Guerrero, Capulhuac, Aporo, Nahuatzen, Ocoyoacac, Langunillas and Tejupilco. On the homepage of each website the hacktivists have posted images of the Anonymous logo and messages that read, “We Are Anonymous.” The attack was announced around three hours ago, and at the time of this writing all of the websites are still defaced. It is not known what the motive is behind the defacements.
Anonymous Sends Message To Turkish Government
January 6, 2014 – The Anonymous hacking collective has published a video message addressed to the government of Turkey. The collective is demanding that the government put an end to corruption and the use of violence against peaceful demonstrators. The hacktivists wrote, “You have created a system which ensures the poor remain poor and the wealthy remain wealthy. It is now very clear to us that you have no intention of running the country for the people but you will continue to run it for your own personal interest.” The statement was released shortly after 36 Gezi protestors were charged with acts of terrorism by prosecutors. The hacktivists have stated they will continue to target the Turkish government, however, no immediate plans have been announced.
Brazilian Government Sites Hacked In Protest of World Cup
January 6, 2014 – Brazilian hackers have continued the hacking and defacing of several Brazilian government websites as part of the OpWorldCup campaign. Over the last several days the DK Brazil Hack Team, the Insanity HackTeam and other Anonymous-affiliated groups have hacked the websites of various Brazilian states, including Ceara, Santa Catarina, Bahia and Sao Paulo. The hacktivists are hacking and defacing websites in protest of the 2014 FIFA World Cup which they feel is having a negative impact on Brazil and its people. At the time of this writing some of the websites have been restored, however, many have been taken offline.
Nationalist Movement Website Hacked By Anonymous
January 3, 2014 – The official website of the Nationalist Movement has been hacked and defaced by members of the Anonymous collective. The attack is part of OpAntifa, a campaign against nationalists, racists and fascists. The group has also left a message on the website writing, "We will take all actions to eradicate white pride from every corner of our world, physical and virtual. We will strike at all who support, promote, spread or hold fascist ideals, and we will do so with all of our strength, which is a great strength." At the time of this writing the website is still defaced. This is the second attack in the past 3 weeks against the website of the Nationalist Movement. Anonymous hacktivists first attacked the website on December 15, 2013.
Hackers Steal Money From European ATMs
January 3, 2014 – Hackers in Europe are now reportedly targeting ATMs using malware-loaded USB drives to steal money. Most of the world's ATMs are running on the Windows XP operating system, which is highly vulnerable to malware attacks, and just like desktops and laptops, some ATMs also have USB sockets, which are hidden behind the ATM. Researchers found that hackers are now exploiting this vulnerability by cutting holes into the ATM to access the USB port and uploading malware into the machines. The malware allows thieves to create a unique interface on the ATMs by typing in a 12-digit code; this interface then allows withdrawals and also shows the amount of money and bill denomination inside the machines. The malware does not appear to harvest customer PINs or other sensitive data, however, some banks have begun upgrading the ATMs to prevent them from booting from external USB devices.
Hackers Leak Data From Financial Services Online
January 3, 2014 – The Pakistani hacking group known as Pakiz Cyber Squad has leaked user data stolen from the systems of Financial Services Online, an Australian company that provides insurance, finance, superannuation, and investment services. The leaked data was published to the Internet, and included user names, names, addresses, phone numbers, email addresses, passwords and in some cases PayPal email addresses. The data belongs to affiliates of Financial Services Online; a total of 527 record sets have been released.
86,369 User Credentials Leaked By Hackers
January 3, 2014 – The HitlerSec hacker group is claiming to have breached and leaked data from the website of MMMOOO, a mobile phone application owned and operated by Shanghai Jibiao Info Tech Co., Ltd. The hackers posted the leaked information, including PayPal email addresses, full names, encrypted passwords, and user email addresses, to the Internet. At the time of this writing the motive for the breach is unknown, and MMMOOO has yet to officially release a statement.
SnapChat Hacked, 4.6 Million Usernames And Phone Numbers Published Online
January 2, 2014 – Photo messaging application SnapChat has been hacked and the personal information of about 4 million users has been leaked. At this time it is not known who is responsible for the attack. The leaked information, which includes user names and phone numbers, was posted to a website called SnapChatDB. On SnapChatDB, it says that the hackers accessed the data by exploiting a vulnerability which has now been fixed. The hackers removed the last 2 digits from the usernames and phone numbers to avoid putting user privacy at risk. The data was available online for a few hours, however the SnapChatDB website has now been suspended. The reason for the attack was to raise awareness and pressure SnapChat administrators to fix the vulnerability.
Supreme Court of Bangladesh Attacked
January 2, 2014 – Hacker group IzzahHackers is claiming an attack on the Supreme Court of Bangladesh as part of the ongoing OpBangladesh campaign. According to the hackers they have breached the database of the Supreme Court and have posted the information to the Internet. The hackers have stated the purpose of this attack was to stop the unlawful executions being conducted in Bangladesh. At the time of this writing the website has been restored, however the leaked data is still available.
Hunting Magazine Data Hack
January 2, 2014 – The hacker known as L3pRec0N has allegedly hacked the website of Bear Hunting Magazine. The hacker claims to have hacked the database of the website and leaked credit card information. The attack is part of the OpHuntTheHunter campaign led by animal activists protesting the hunting of wildlife for sport.
Anonymous Announces Upcoming Campaign Against The U.S.
December 31, 2013 – Members of the Anonymous collective have released a video announcing, “a special project” which is planned to launch on January 1st, 2014. The campaign is targeting the United States, however, Anonymous has clarified the campaign, “will not be about hacks, leaks, or occupying specific locations of a special city.” At the time of this writing no attacks related to this campaign have been reported.
Israeli Bank Websites Taken Down By Anonymous Tunisia
December 31, 2013 – Hacker group, Anonymous Tunisia, a sub-group of Anonymous, is reported to have taken down 11 Israeli Bank websites via distributed denial-of-service attacks. According to the hackers the attacks are in support of Palestine. In a message by Anonymous Tunisia they said, “This is just the beginning, this is just phase 1. There is a lot (more) to come.” It is unclear what the next target will be for the hackers, however, they have announced that the second phase of the attack will be launched soon. At the time of this writing several of the websites have been restored.
Boston Restaurant Group Computer System Hacked
December 31, 2013 – Boston restaurant group Briar Group is informing its patrons that its computer system was hacked and credit card data may have been accessed by the attacker. The group started an investigation after learning that its visitors were victims of credit card data theft. The breach is said to have occurred between October 2013 and early November 2013. In a statement, the group said, “We have been working closely with law enforcement officials and are providing them with all available information to support their effort to identify the criminals who undertook this act.” Representatives of the group have apologized for the security breach and are urging customers to monitor their credit card statements for any fraudulent charges.
Hacker Defaces Eight Nepal Government Websites
December 31, 2013 – The hacker known as DR.SHA6H has breached and defaced a total of eight websites belonging to the government of Nepal. The targeted websites include the National Development Volunteer Service, the Department of Cottage and Small Industries, the Nepal Law Commission, the National ID Management Center, a district office, and some county educational offices. DR.SHA6H has been defacing various high-profile websites in an effort to raise awareness of the situation in Syria, urging other countries to intervene. At the time of this writing most of the websites have been taken offline.
Colorado Medicaid Data Breach
December 31, 2013 – Information belonging to at least 1,918 Colorado Medicaid patients was breached after a temporary employee from an outside contractor sent the information to his or her own personal email address. According to The Colorado Department of Health Care Policy and Financing, the information may have been intended for the employee's use in another business. The information which was sent included patient names, dates of birth, addresses, telephone numbers, health conditions, and Medicaid identification numbers. Affected patients are being notified by mail, as the department continues its investigation of the incident.
Anonymous Leaks Email And Credit Card Credentials Of Officials
December 30, 2013 – Earlier this month members of the Anonymous collective stated their intent of hacking the websites of SeaWorld and the World Association of Zoos and Aquariums as part of OpKillingBay, the Anonymous-led initiative protesting the killing of dolphins and orcas in Taiji, Japan. In this recent attack, the hacker group has leaked the credit card data of SeaWorld's board members along with their private emails, as well as the email information belonging to members of the World Association of Zoos and Aquariums. According to Anonymous the organizations were targeted due to their enabling of the killings in Taiji, Japan. At the time of this writing the post containing the sensitive information has been removed.
United Nations Population Fund Websites Defaced
December 30, 2013 – Syrian hacker Dr.SHA6H has breached and defaced websites belonging to the United Nations' Population Fund (UNFPA). The websites targeted by the hacker belong to the United Nations' websites of El Salvador and the Republic of Mali. According to the message left by the hacker he is, “...unhappy with the fact that other countries don't intervene to help Syria.” In particular he has named the US, but claims the message is for the entire world. Over the past year, DR. SHA6H has breached several websites belonging to governments across the world. At the time of this writing the websites are still defaced.
Venezuela, Turkey, Indonesia And Saudi Arabia Government Sites Hacked
December 30, 2013 – The Bangladesh Grey Hackers hacking group has breached websites belonging to the governments of Venezuela, Indonesia, Vietnam, Saudi Arabia and Turkey. According to the hackers they are protesting, “the killing of innocent Muslims around the world.” The group has defaced the main domain and several subdomains of the Ciara Foundation and the Permanent Secretariat of the National Council of Universities in Venezuela. The group has also hacked the websites of Kien Giang Customs Department in Vietnam, the municipal council of the Saudi Arabian city of Zulifi, a religious organization in Turkey, as well as the subdomain of the Polewali Mandar Regency's site in Indonesia. At the time of writing most of the websites have been restored.
Ukrainian Journalist Attacked, Anonymous Retaliates
December 30, 2013 – Members of the Anonymous collective are claiming to have hacked two websites of the Ukrainian government in retaliation for the attack on Tetiana Chornovol, a Ukrainian civic activist and journalist who was brutally beaten on December 25th. Reports state Chornovol was dragged by a group of men from her car outside Kiev and beaten. On Thursday, the U.S. Embassy in Kiev condemned the attack in a statement calling for an investigation, “which unlike previous such incidents must result in those responsible being held fully accountable under the law.” The hacktivists did not name the sites that they allegedly attacked.
Prime Minister Of Bangladesh Website Targeted By Anonymous
December 30, 2013 – The Anonymous hacker group has resumed the anti-government campaign dubbed Operation Bangladesh, and over the past few hours has targeted at least three government websites in Bangladesh. The hacktivists have launched distributed denial-of-service attacks against the websites of the Prime Minister's Office, the Election Commission Bangladesh, and the country's government portal. At the time of this writing, the website of the Election Commission appears to be functioning properly, however, the government portal and the Prime Minister's website are still inaccessible. While hacktivists are protesting in cyberspace, Bangladesh opposition supporters are preparing for mass marches in protest against the controversial upcoming elections.
Russian Hacker Attempts To Sell Access To BBC Server
December 30, 2013 – A Russian hacker has managed to gain access to a BBC server and has attempted to sell the access to other cybercriminals. The hacker, who uses the handles “Hash” and “Rev0lver,” was found attempting to sell access to the BBC server on Christmas Day. Researchers have found no evidence that the offer led to a deal or that data was stolen from the BBC server. At the time of this writing the BBC security team has reportedly fixed the issue in question.
LulzSec Leaks Data From Ministry Of Interior
December 27, 2013 – Members of the LulzSec hacking group have targeted the network of the Peruvian Ministry of Interior. The hackers published various files, including documents, e-mails and screenshots, which appear to be classified. LulzSec Peru has stated the attack was aimed at demonstrating the vulnerabilities in the government's computer systems. The Ministry of Interior has released a statement confirming that the attackers had access to emails sent and received by authorities, however there is no evidence that the contents of the leaked files are accurate.
Malware Distributed Via Fake Retail Emails
December 27, 2013 – Authorities are warning customers of Costco, Walmart and Best Buy of fake emails being sent out to distribute a variant of the Kuluoz malware. In each case, the scam email notifies recipients that if they fail to reply within one week, they will get their money back, however, a certain percentage will be deducted. The links from these emails do not point to a form; rather, they lead unsuspecting users to compromised websites used by the cybercriminals. Authorities are asking those affected to update their antivirus solutions and avoid opening any email they do not recognize.
Brazilian Government Site Hacked
December 27, 2013 – The website of Brazil's Igarape do Meio municipality has been hacked by the DK Brazil HackTeam, a group affiliated with Anonymous. As part of the campaign dubbed OpWorldCup, the hackers targeted the government website in protest against the upcoming 2014 FIFA World Cup, which will be hosted by Brazil. Visitors of the website are redirected to a defacement page that displays a short message and video called, "Expect us on 2014 FIFA's Cup." The hackers have not deleted any information from the website aside from the logs. Reports suggest the hackers have also defaced the subdomain of the Sao Paulo website.
English Defence League Database Erased By Hackers
December 27, 2013 – The hacker ZHC_GAZ is claiming to have attacked and erased the database of the English Defence League (EDL) in the UK. The English Defence League is a far-right nationalist movement opposing what they consider to be the spread of Islam, Sharia law and Islamic extremism in the United Kingdom. At the time of this writing the website is offline.
Anonymous Claims Attack On Dolphin Quest
December 26, 2013 – Members of the Anonymous collective are claiming to have breached the website of Dolphin Quest Theme Park. Following the breach, the hackers leaked part of the site's database. Dolphin Quest is a popular tourist attraction with locations in Hawaii, the Bahamas, and Bermuda where tourists can swim with dolphins. The attack is part of the ongoing OpKillingBay, which is protesting the killing of dolphins in Taiji, Japan. The hacking collective is also threatening to attack the website of SeaWorld, which according to Anonymous is enabling the killings of dolphins and orcas in Taiji. At the time of this writing Dolphin Quest has yet to formally acknowledge the data leak.
Bangladesh Ministry Of Civil Aviation And Tourism Database Leaked
December 26, 2013 – The hacker group, AnonSecHackers has hacked the website of Bangladesh's Ministry of Civil Aviation and Tourism. The hackers have also posted information from the site's database on the Internet. This is the second reported attack this week on Bangladeshi cyberspace; earlier this week we reported that hackers were also able to breach and leak the data of Bangladesh's state owned petroleum company. At the moment the hackers have not stated the reason for the attack on the Ministry's website.
Iran Revolutionary Guard Corps Hack Opposition Websites
December 26, 2013 – The Islamic Revolutionary Guard Corps (IRGC) of Iran's Kerman province have hacked nine websites and portals of anti-regime forces. According to reports the nine websites targeted are: Nedaye Sabze Azadi, Sabzname, Norouz, SizProxy, Ostaban, Nogam, Degarvage, Iran Opinion, and Symail. On December 4th the IRGC also arrested 16 cyber-activists accused of having ties to foreigners, cooperating with Western news networks and helping to update and design websites to educate anti-regime reporters.
New Malware Targets Syrian Activists
December 26, 2013 – A new malware campaign is targeting Syrian activists, journalists, and non-government organizations, in which the attackers are employing a variety of tactics, including a new OS X Trojan which could be part of a “false flag” operation. The malware is mailed out to users in Syria and despite heavy media speculation, researchers say, there is no connection between the Trojan and the Syrian Electronic Army. Researchers have stated, “the groups behind these attacks are using a wider variety of tools to compromise their targets, including several remote-access Trojans and the OS X malware. Opposition groups continue to be targeted with phishing and malware attacks by pro-Assad hackers...”
Anonymous Announces Holiday Operations
December 24, 2013 – Hacker group Anonymous is gearing up for the festive season as it plans to launch three global operations over the holidays. The operations are: SolsticeSolidarity, a UK-led effort which started on December 21 aiming to build social media presence for donations; OpRingMyBell, a US-led effort which is planned for December 25, to boycott and antagonize the Salvation Army for its discrimination against LGBT individuals; and OpSafeWinter, planned for December 26, a global effort to raise awareness and donations for the homeless.
South African Department of Health Website Hacked
December 24, 2013 – The hacktivist group Moroccan Islamic Union-Mail (MIUM) has hacked and defaced the website of the South African National Department of Health. The hackers left a short message offering condolences to the people of South Africa for the death of Nelson Mandela, as well as asking South Africans to support the Polisario Front in Morocco. The Polisario Front is a Sahrawi rebel national liberation movement working to end the Moroccan occupation of Western Sahara. This is not the first time the website has been hacked; a few days ago the hacker known as Dr.Silnt HiLL uploaded a defacement, and last month another Moroccan hacker group, Moroccan Agent Secret, defaced the page as well. At the time of this writing the website is offline.
Hackers Try New Ways to Use Stolen Card Data
December 24, 2013 – Last week we reported on a massive data breach affecting more than 40 million Target customers; now it is being reported that hackers have begun using a new technique which can slow down the detection of card misuse. Compromised cards are being marketed online with information on the state, city, and zip code of the Target store in which they were used. Experts say the location information will allow buyers of stolen data to use spoofed versions of the cards issued to people in their immediate vicinity. One expert elaborated, “This lets crooks who want to use the cards for in-store fraud avoid any knee-jerk fraud defenses in which a financial institution might block transactions that occur outside the legitimate card-holder's immediate geographic region.” This is the first time security experts have observed hyper-localized selling of stolen credit and debit card information following a retail breach. Researchers also stated, “whoever is behind this breach appears to have a tremendous amount of not only technical, but also retail operations and payment industry knowledge.”
OpGreenRights Targets Three Italian Energy Companies
December 24, 2013 – The Anonymous subgroup, OpGreenRights, has claimed they have attacked three Italian energy companies, as part of the ongoing OpGreenRights campaign. The group has allegedly stolen and released account details of Italian electricity companies, ENEL, ENI, and SAIPEM. According to a video released by the hacker group, OpGreenRights was initiated when several of the Arctic-30 activists were arrested by Russian security forces on September 18. In the video the hackers state that OpGreenRights was, “designed to target high-level communication assets of the Russian Federation worldwide.” This new attack is one of several over the past few weeks which targeted the oil industry in Angola, Kenya, and Mexico.
Bangladeshi Petroleum Company Hacked
December 23, 2013 – The official website of Padma Oil Company Limited (pocl.gov.bd), the largest and oldest petroleum company in Bangladesh, has been hacked and defaced by the hacker known as z3r0c0000l. This is not the first time an attack has been launched on the state-owned company's website; in 2011 the website was hacked by Algerians, by Pakistanis in 2012, and last month by a group of Indian hackers. Once z3r0c0000l had defaced the website, another hacker group called Gllok Hackers posted their own defacement page on the website's homepage. It is still not certain if the hackers are finding new vulnerabilities on the website, or if webmasters are restoring the website without fixing the vulnerabilities. At the time of this writing the website is still defaced.
Anonymous Attacks Cambodian Government Websites
December 23, 2013 – Over the weekend, hackers of Anonymous Cambodia launched distributed denial-of-service attacks against over two dozen government and government-related websites. The attacks occurred just as thousands of people marched on the streets of Cambodia's capital, Phnom Penh, demanding new elections, and asking the prime minister to step down. According to a report the targeted websites belong to various ministries, the police, educational institutions, and other organizations with ties to the government. At the time of this writing all websites have been restored to their full working conditions.
Mauritania's Ministry of Justice Hacked and Defaced
December 23, 2013 – Mauritania Hacker Team has breached and defaced the website of Mauritania's Ministry of Justice (justice.gov.mr). The hackers defaced the website leaving a simple message, which reads, “Hacked by Mauritania HaCker Team.” No reason for the attack has been given. At the time of this writing the website is still down.
High School Students Hacking Computers To Change Grades
December 20, 2013 – According to a new report, at least a dozen students of the Corona del Mar High School in Newport Beach, California, are suspected of hacking into school computer systems in an effort to change grades and gain access to tests. It is believed that the students were helped by a private tutor who showed students how to use a keylogger. Both the students and the tutor have been identified by local authorities, and could face criminal charges. At the time of this writing authorities are asking the public for help in locating the tutor, Timothy Lance Lai, whose whereabouts are currently unknown.
Anonymous Compromises Several Servers As Part Of OpUkraine
December 20, 2013 – Hacker group Anonymous is claiming to have compromised several servers belonging to the Ukrainian government. The Anonymous-led campaign, OpUkraine, is protesting the 'brutal crackdown on journalists and media...' by Ukrainian President Viktor Yanukovych. According to a report, over 50 journalists were targeted and injured at a demonstration by Ukrainian special forces. In retaliation for Ukraine's crackdown on pro-EU protesters and journalists, Anonymous has asked that financial support to the police and government be halted.
Cybercriminals Using German Copyright Scandal To Distribute Malware
December 20, 2013 – According to a new report, earlier this month, a German law firm began sending out threatening letters, on behalf of copyright holders, to German users who had been surfing a popular adult website. Researchers now say cybercriminals are leveraging this story to distribute malware. The case is controversial because it is uncertain how the German law firm obtained the information on the website's visitors. The report goes on to say that cybercriminals have started sending out fake emails in an effort to trick users into downloading a piece of malware. The fake notifications inform the recipients that they will face fines and even imprisonment for unlawfully streaming copyrighted content, and instruct the users to download the attachment for more information. Once the file infects the device, the threat downloads additional pieces of malware. The German firm is aware of the fake emails and has posted a notice on its website to warn users.
Dutch Politician Targeted By Hackers
December 20, 2013 – Controversial Dutch politician MP Geert Wilders is in the cross-hairs of hackers, who are targeting the politician after he released an anti-Islam sticker that said, “Islam is a lie. Mohammed is a crook. The Quran is poison.” Anonymous-affiliated hackers have already set their sights on Wilders' website, 'geertwilders.nl', and are apparently planning on launching a distributed denial-of-service attack against it. The hackers have also posted a link to a web-based DDoS tool that anyone can access to launch an attack against the politician's website. At the time of writing Wilders' website appears to be working properly. Many Dutch officials have come forward to condemn the offensive sticker.
Target Admits 40 Million Payment Cards Compromised
December 19, 2013 – Retail giant Target has released a statement saying it has just learned that the payment card details of almost 40 million customers from all over the United States have been stolen in a data breach. People who made purchases at Target stores between November 27 and December 15 are impacted. Target has confirmed that names, credit and debit card numbers, card expiration dates, and CVVs have been stolen. Target has begun providing customers with advice on what to do to protect themselves from potential misuse of their payment card information. The retailer is also working with law enforcement, including the US Secret Service, and financial institutions. As of now there is no mention of identity protection services being offered to customers; instead Target recommends customers periodically obtain credit reports from Equifax, Experian, or TransUnion.
Hackers Threaten To Sell Bank Details Of Customers
December 19, 2013 – According to a report coming out of Israel, a group of hackers is attempting to blackmail three Israeli banks. The group claims to have stolen the details of some 3.7 million customers, and is threatening to sell the information on the underground market unless the banking institutions pay them. The three banks being targeted are said to be Yahav, Discount Bank, and First International Bank of Israel. The hackers claim to have obtained the information with the aid of a massive botnet that stole the credit card details and passwords from the computers of Israeli users. The banking institutions have alerted the authorities, but have declined to comment on the allegations. Unnamed officials are claiming that the threat is not considered serious.
ZeuS Trojan Targets BTC China Customers
December 19, 2013 – Researchers have identified a new version of the ZeuS malware, dubbed Gameover, designed to target BTC China and other Bitcoin exchanges. According to researchers, the malware waits for the owners of infected computers to visit the website of BTC China; once they do, the malware steals their usernames and passwords and hijacks their accounts. Researchers note that the Trojan steals the credentials, then temporarily suspends the session and injects a fake window instructing the user to enter their one-time password as a security measure. Cybercriminals are increasingly using Bitcoins to launder their criminal proceeds, using the crypto-currency as the middleman for laundering funds without leaving any tracks.
Airline Spam Used To Distribute Malware
December 19, 2013 – According to a new report, cybercriminals have launched a new campaign in which they send emails purporting to be from an airline company. Researchers say the notifications appear to come from airline companies such as American Airlines, US Airways, Delta Airways, and British Airways. The email usually informs the recipients that an electronic ticket has been purchased on their behalf; however, the attached file is not an e-ticket but a variant of the Kuluoz malware. This particular malware is designed to download and execute other pieces of malware, such as ZeroAccess or fake antiviruses. The spam messages are distributed with the aid of the Cutwail botnet, which experts believe cybercriminals may have started using due to the large number of people traveling during this period. Researchers have also stated that the new Kuluoz malware comes with a new feature: once the computer is infected, the malware begins collecting system information, including the antivirus solutions installed on the device.
Sister Operation To OpKillingBay Announced
December 18, 2013 – The hacker group R00ts3curity has announced a sister operation to #OpKillingBay, the Anonymous-led campaign protesting the slaughter of dolphins and orcas in Taiji, Japan. The hackers announced the sub-operation to #OpKillingBay via a video threatening Peruvian officials that they will "leak and destroy every server" for allowing the slaughter of dolphins in Peru. It is being reported that dolphins off Peru's Pacific coast are being killed for the sole purpose of use as shark bait. At the time of this writing no attacks have been launched on Peruvian cyberspace. Anonymous has also released its intended target list for the continuation of #OpKillingBay. Anonymous has encouraged its followers to deface and launch distributed denial-of-service attacks on websites such as SeaWorld, World Association of Zoos and Aquariums, and the International Marine Animal Trainers' Association. At the time of this writing no known attacks have been reported.
People's Bank Of China Website Attacked
December 18, 2013 – The People's Bank of China (PBOC), China's central bank, is planning to ban payment companies from working with Bitcoin exchanges, according to a report. In response, hackers have launched a distributed denial-of-service attack against the financial institution's website. According to some Chinese media outlets, it is believed that Bitcoin investors may have been behind the attack. Central bank officials have said they are working to get the website back online; however, at the time of writing the website, pbc.gov.cn, is still inaccessible. Since the emergence of the ban the price of Bitcoin has dropped considerably.
New Trojan Targets ATMs
December 18, 2013 – According to a new report, researchers have come across a new Trojan designed to steal information from ATMs. The Trojan is called 'Trojan.Skimer.18' and targets the devices developed by one of the world's largest ATM manufacturers. The malware is loaded onto targeted machines via an infected application. Once the ATM is infected, 'Trojan.Skimer.18' creates a log file. Then, when a card holder uses the ATM, it reads the data, namely the payment card number, expiration date, and the card verification value (CVV). Researchers also say the malware is capable of capturing the encrypted PIN of the individual as well. The attacker then simply enters a number associated with a specific command in order to display the statistics of the collected data. Researchers point out that the Trojan is similar to others designed to target ATMs.
Anonymous Re-launch OpGabon
December 18, 2013 – Anonymous has released a video announcing the re-launch of OpGabon. The Anonymous-led campaign is seeking to draw media attention to the ritual killings occurring in Gabon. The re-launch of the campaign comes as Gabon prepares for the upcoming municipal elections, which, according to Anonymous, have led to an increase in the number of ritual killings in the country. Anonymous will be planning distributed denial-of-service attacks against a large number of Gabonese websites, such as Gabonese President Ali Bongo's personal website, the Gabonese Department of Defense, and the Gabonese Department of Justice websites.
Royal Bank Of Scotland Suffers DDoS
December 17, 2013 – The online services of the Royal Bank of Scotland have suffered two outages: one due to a distributed denial-of-service attack, and another due to undisclosed technical issues. Soon after the outages, the banking institution issued a message to users alerting them about the possibility of phishing attacks. Once the outages were over, RBS customers began to receive phishing emails designed to have them give their personal information to the cybercriminals. The emails carried subject lines such as 'Security Precaution', telling users that they must 'Activate My Card' in order for their card to be restored to normal working condition. However, once the user clicks on the activation link they are taken to a hijacked website belonging to a company in Poland. The website has been set up to host a legitimate-looking RBS phishing page, where victims are asked to enter their credit card online services username, PIN, password, email address and email password. Once the information is entered the victim is taken to a genuine RBS website. Google has already flagged the malicious page; however, it is likely that the cybercriminals are using multiple compromised websites in their scheme.
Hackers Use Government Officials' Credit Cards For Donations
December 17, 2013 – The hacker group TeamBerserk has announced a new campaign called OpBeserkChristmas, which will make donations to the less fortunate with the credit cards of government officials, employees and corporations. The hackers have claimed that they will use the stolen payment card information to donate gifts, including toys, blankets, tablets, computers and other items, to homeless shelters and children's centers all over the world. They have allegedly already made a donation to a children's shelter in San Antonio, Texas, at the expense of a Texas judge. According to reports some of the stolen information comes from the systems of Edwards County, Texas; however, the hackers are refusing to name any of the other systems they've stolen from.
Cedar Rapids, Iowa High School Website Hacked & Defaced
December 17, 2013 – According to a report, unidentified hackers have breached the website of Washington High School in Cedar Rapids, Iowa. The hackers have defaced several pages with racist messages. In one reported post, the hackers invited the website's visitors to take part in a 'KKK Klan Appreciation Day' on Christmas Eve. The content was quickly taken down by website administrators; representatives of the school district say they are uncertain who is behind the attack, but they are working to find out how the attackers managed to breach the website. Due to the offensive content authorities have also been called in to investigate the incident.
Las Vegas Hotel & Casino Website Breached
December 17, 2013 – The hacker zVapor is claiming he hacked the website of VegasTripping.com, a website providing a guide to Las Vegas hotels and casinos. The hacker stated that a SQL injection vulnerability in the Board section of the website allowed him to compromise the database server. The hacker leaked all user information from the target server. The database dump contains user names, hashed passwords, e-mail addresses, country and other personal details. The hacker has also published the personal information of the site administrator. The vulnerability has been fixed; however, individuals who have signed up for the website are being advised to change their user names and passwords.
University of North Carolina Data Breached
December 16, 2013 – According to a report, the University of North Carolina at Chapel Hill is investigating a personal information data breach that affects more than 6,000 people. According to school officials, files containing information such as names, social security numbers and dates of birth of some current and former employees, vendors and students were accidentally made public. Officials also learned last month that some of these files were accessible on the Internet. Less than two weeks later the files were no longer online. Officials believe some safeguards that protect such files had been accidentally disabled this past summer while a computer was undergoing maintenance. School officials have begun notifying people whose information was affected.
Leak In Response To Hezbollah Commander Assassination
December 16, 2013 – The hacking group known as Islamic Cyber Resistance Group has leaked information allegedly related to Al-Qaeda, Israel and Saudi Arabia. The personal details of 2,014 people working for the Israeli army and 1,000 members of the Saudi army have been leaked online. The published information includes names, email addresses, phone numbers, addresses and military ranks. The hackers also claim they have access to 7 GB of information from the Saudi Binladin Group, which they claim is a major financial supporter of Al-Qaeda. The hackers have obtained 5 million 'secret documents' from the company's internal communications; however, to date only 2,200 documents have been leaked. The attack comes in response to the assassination of Hezbollah commander Hassan Lakkis in Beirut. The message left by the hackers claims they will avenge the assassination of Lakkis and warns Al-Qaeda and Mossad that their next operation will be 'much more damaging.' The leaks, as well as the attacks, are dedicated to the children of Lakkis.
Moroccan Hackers Deface Ministry of Finance Website
December 16, 2013 – The hacker group known as Moroccan Ghosts has hacked the official website of the Nigerian Federal Ministry of Finance. The hackers left a message on the defaced page explaining the reason for the attack on Nigerian cyberspace, stating, “Moroccan Ghosts! Website Hacked ! Coz you support the Algerian Front of Polisario ! Dedicated to All Moroccans..” The Polisario Front is a Sahrawi rebel national liberation movement working for the independence of Western Sahara from Morocco. This is the second attack on a high-profile Nigerian government website by Moroccan Ghosts. At the time of this writing the official website has been fixed and is operating normally.
Official Website of Bangladesh Police Attacked By Hackers
December 16, 2013 – The hacker group known as Izzah Hackers was able to launch a successful distributed denial-of-service attack on the official website of the Bangladeshi police. The attack is part of the ongoing Anonymous campaign OpBangladesh, a response to Bangladeshi police arresting and killing protesters in Bangladesh. The attack comes as unrest in Bangladesh continues after the execution of top opposition leader Abdul Quader Molla. Molla was the assistant secretary general of the Bangladesh Jamaat-e-Islami party. At the time of this writing the website is still down and has been down for over 20 hours. Izzah Hackers are also planning more attacks on websites from Bangladesh, Burma, and Myanmar.
Russian Hackers Steal Details of 54 Million Turkish Citizens
December 16, 2013 – According to a new report, Russian hackers may have stolen the personal details of around 54 million Turkish citizens. A general manager of a research company has revealed that the ID numbers, addresses, and fathers' names of 54 million voters have been stolen from political parties. Turkey's Supreme Election committee has been sharing the information with political organizations. It is also reported that some of these organizations didn't have protections in place to stop the hackers, making it even easier to steal the data. A recent report from Turkey's State Audit Board also revealed that some government institutions share citizens' personal information online with other organizations without ensuring the content is properly protected.
Anonymous Announces OpFoxBlackout
December 13, 2013 – Hacker group AnonymousFL_US has announced a new operation targeting Fox News. According to a message from AnonymousFL_US the attack is in response to Fox News' “right wing propaganda, racist overtones, and a lack of respect for the truth.” The hackers are calling upon other Anonymous members to join in the attack, as they plan to hijack “their news feed with our own message and take down their site and replace it with information and links to various #Anonymous #Ops and our own message for the people.” At the time of this writing there is no proposed date for the planned attack.
Anonymous Attacks Japanese-American Embassy Phone Lines
December 13, 2013 – Members of the AnonymousOpsUSA hacking group launched a distributed denial-of-service attack on the phone lines of the Japanese/American Embassy in Washington, D.C. yesterday. Plans for the attack were first seen earlier this week when AnonymousOpsUSA posted the main office phone number of the Embassy. The attack was carried out in support of OpKillingBay, the operation by Anonymous protesting the killing of dolphins and orcas in the town of Taiji, Japan. AnonymousOpsUSA also stated they will be attacking the phone lines of the White House Tuesday, December 17.
Real Estate Website Hacked by TeamHackArgentino
December 13, 2013 – The hacker group TeamHackArgentino, a subgroup of Anonymous Argentina, has hacked and defaced the Interior Administrations website of Argentinian real estate company, Sergio Villella. According to a message from the hacker known as HackerArgentino the group has hacked the 'database of tenants and guarantors'. The group has also left a message on the website stating, 'No more Corruption in my country, more security please.' At the time of this writing the website is still displaying the defacement message.
Four Embassies In Japan Targeted As Part Of OpKillingBay
December 13, 2013 – The websites of the Taiwanese, Indonesian, Argentinian, and Russian embassies in Japan are all down due to a distributed denial-of-service attack by members of the hacker group Anonymous. The attacks are part of the ongoing OpKillingBay operation by Anonymous. At the time of this writing several websites are still down.
Cyber Criminals Using Database Cloud Services
December 12, 2013 – A new botnet has been discovered that is using database-as-a-service platforms to steal commercial online banking credentials. Researchers are calling it a warning sign for possible future targeted attacks on databases by outside attackers. It is being reported that at least 370 machines have been infected within the last five days via the banking Trojan. According to researchers the malware will begin targeting internal enterprise databases very soon and infection is “inevitable, and compromise of a portion of workstations within a network should be considered an inherent condition.” The research concludes that any enterprise database platform running in the cloud can be vulnerable to cloud-borne attacks.
Syrian Ministry Of Health Website Taken Down
December 12, 2013 – According to the hacking group known as An0ymousLulz, the Syrian Ministry of Health website was brought down by a distributed denial-of-service attack. The attack is said to be in support of the Syrian revolution and part of the greater OpSyria campaign. The Ministry of Health is responsible for supervising the health sector in the Syrian Arab Republic, as well as providing Syrians with health directories, statistics, and drug and nutrition information. At the time of this writing the website is restored and functioning properly.
30 Government Websites Hacked in India
December 12, 2013 – More than 30 government websites in the Indian state of Rajasthan have been hacked and defaced by Pakistani hacker H4x0r HuSsY. The defacement message reads, “Proved to be Hell For India! I might Opt Out of the Cyber World As I don't get much time. But Here's a Peace Message. To All Indian Hackers etc etc U Gotta Look at my Zone-H Archive Whenever you have Intentions of hacking (.PK) Sites.” At the time of this writing several of the websites have been taken down.
Nepal College Website Hacked By Anonymous Afghanistan
December 12, 2013 – The website of the Namuna College of Fashion Technology in Nepal has been hacked and defaced by Anonymous Afghanistan. At the time of this writing the website is still defaced with the message, “Hacked by Anonymous Afghanistan”, along with the name of the attacker, Zishan Rider, telling the website administrator to patch the vulnerability.
Canada Spying For The US
December 11, 2013 – According to a newly released document, the Communications Security Establishment Canada (CSEC) has worked with the NSA in "approximately 20 high-priority countries", some of which are trade partners to the U.S. The document also claims that, "CSEC shares with the NSA their unique geographic access to areas which are unavailable to the U.S." Former NSA official turned whistle-blower Thomas Drake said it comes as no surprise that the two agencies are working together. The relationship between the two intelligence agencies is described as being close and co-operative, with both sides looking to expand and strengthen it.
NSA Tracking Targets With Google Cookies
December 11, 2013 – According to a new report, the NSA and GCHQ are using 'cookies' which advertising networks place on computers to identify people browsing the Internet. In particular the intelligence agencies are using the part of the Google-specific tracking cookie known as "PREF." Though the cookies do not contain personal information, they can uniquely identify a person's browser using the numeric codes that enable Web sites. According to leaked documents the cookies are used to 'enable remote exploitation.' This technique is used to let the NSA home in on individuals already under suspicion and suggests that the agency is using these tracking techniques to help identify targets for offensive hacking operations.
LA Gay & Lesbian Center Hacked
December 11, 2013 – The Los Angeles Gay & Lesbian Center is notifying 59,000 people that their personal information was compromised in a hack of their computer systems. The stolen information includes names, contact information, payment card details, medical or health care information, dates of birth, social security numbers and health insurance account numbers. A piece of malware was loaded onto the Center's systems and was stealing information between September 17 and November 8. Authorities are currently investigating the incident.
RootSecurity Announces Support Of OpKillingBay
December 11, 2013 – Members of the RootSecurity hacking group have posted a video announcing their support of the OpKillingBay campaign. OpKillingBay is the Anonymous operation that is protesting the killing of dolphins and orcas in the Japanese town of Taiji. The hackers said in the video, “We will kill servers and leak every database we can get our hands on until you realize the wrong you're doing, we are done playing around, it is time for the games to stop.” So far they have leaked information from three Japanese websites, however the sites have nothing to do with dolphins.
Black Hole Found In The Internet
December 10, 2013 – In 2008 two security researchers at the DefCon hacker conference demonstrated a massive security vulnerability in the worldwide internet traffic routing system. The vulnerability is so severe that it may allow intelligence agencies, corporate spies, or cyber criminals to intercept massive amounts of data. At the time of the conference no real threat came from it; however, earlier this year someone began using their technique to hijack internet traffic headed to government agencies, corporate offices and other recipients in the U.S. This traffic was redirected to Belarus and Iceland before being sent on its way to its legitimate destinations. It has not been determined who is behind the hijacking or what their motivation is.
TeamBerserk Announces Return
December 10, 2013 – The hacking group known as TeamBerserk have announced they are returning to hacking. After several months of inactivity, the hackers released a statement saying, “After many days at port, days filled with rum, women and lulz – which have recovered us. We have again united for an explosive several weeks of exploitation, mayhem and LoLz.” To mark their return, the hackers have leaked 23 documents they allegedly stole from Edwards County, Texas Judge Souli Shanklin. They are also claiming to have breached Shanklin's Amazon account.
Alleged Skynet Botnet Creator Arrested In Germany
December 10, 2013 – The German Criminal Police Office has reported that they have arrested the cyber criminals responsible for creating the Skynet Botnet. Skynet is a variant of the infamous Zeus malware. When the Skynet Botnet infects a system it downloads Bitcoin miners, exploits computational resources of the victim's system and uses them in the mining process. According to a press release from the German police they have arrested two individuals suspected of illegally generating Bitcoins worth nearly $1 million using the malware. It is not yet clear whether or not the Skynet servers were taken down by the German police.
United Nations Ethiopia Site Defaced
December 10, 2013 – The Turkish hacking group known as Ayyildiz Tim are claiming to have breached and defaced the United Nations in Ethiopia website. The defacement message says that the hackers will start a virtual war with anyone that is against their country or religion. At the time of this writing the site is still defaced. In addition, the hackers also defaced several other sites from Italy, Brazil, Thailand, Vietnam and Honduras. Many of these sites are also still defaced.
French Government Spoofing Google Domain Certificates
December 9, 2013 – Google has reported that France's cyber defense division, ANSSI, has been detected creating unauthorized digital certificates for several Google domains. The certificates were issued by an intermediate certificate authority (CA) that links back to ANSSI. Google wrote, "Intermediate CA certificates carry the full authority of the CA, so anyone who has one can use it to create a certificate for any website they wish to impersonate." ANSSI released a statement that revealed the intermediate CA is really its own infrastructure management trust administration. In the statement, ANSSI claims that the fake certificates were a result of "human error, which was made during a process aimed at strengthening overall IT security." ANSSI went on to say, "The mistake has had no consequences on the overall network security, either for the French administration or the general public." Google says that this incident is an example of the need for its Certificate Transparency project, which is aimed at fixing flaws in the SSL certificate system that could result in man-in-the-middle attacks and website spoofing.
Radio Free Europe Hit With DDoS Attack
December 9, 2013 – The Radio Free Europe/Radio Liberty website was hit with a distributed denial-of-service attack as it was providing coverage of the ongoing protests in Kiev, Ukraine. Radio Free Europe is a media organization with over 700 journalists in 21 countries. The website was down for about three hours before it was fully restored. No suspects have been identified in this attack. At the same time, Anonymous hackers have been launching DDoS attacks against government websites in support of the protesters. The Anonymous targets included the website of the presidency, the main government portal and the site of the Ministry of Internal Affairs.
20 Million Hotel Reservations Leaked By Chinese Hackers
December 9, 2013 – The Chinese hacking group known as the Harbors of Evil Goods are claiming to have breached the systems of CNWisdom, China's largest wireless Internet service provider for hotels. As part of the breach, the hackers have leaked the details of around 20 million hotel reservations. The leaked information includes phone numbers, email addresses and physical addresses. CNWisdom is saying that the data may not have been from their systems, since some of the information is from hotels that are not their customers.
Syrian Hacker Targets Indian Government Sites
December 9, 2013 – The Syrian hacker known as Dr. SHA6H is claiming to have hacked and defaced eleven websites belonging to the government of the Indian state of Kerala. The defacement message is a protest against the Syrian regime's actions of murder and destruction. Dr. SHA6H wrote, "Is there an international interest with Bashar al-Assad? Or economic interest, or is [it] a political interest? We want answers [from] all the countries of the world, there are children dying, women [abused] and houses destroyed." At the time of this writing all of the sites have been taken offline.
Anonymous Threatening Twitter
December 6, 2013 – Earlier this week it was reported that Twitter had suspended several Anonymous-related accounts. In response to this action by Twitter, members of the Anonymous collective have issued a statement. The statement begins, "You have the ability to suspend Twitter accounts . . . We have the power to suspend websites." The hacktivists are calling for Twitter to reinstate the @Anon_Central account, which has been used to distribute news about attacks and plans for future attacks. If the account is not reinstated the hacktivists promise that things will "get very messy." They said, "If the suspended Twitter account @Anon_Central is not returned, you may have to fix a database leak." The statement was signed, "Team AnonymousOpsUSA & various LulzSec entities."
TeslaTeam Targets Government Sites
December 6, 2013 – The Serbian hacking group TeslaTeam has targeted government websites belonging to various countries. In each of the attacks the hackers have leveraged SQL vulnerabilities to breach the sites. The most recently affected sites include the Albanian Ministry of Economy, Trade and Energy, Ghana's Ministry of Finance and Economic Planning and the Court of Bosnia. None of the sites have been defaced, but the hackers have stolen and leaked data from the targeted database servers. The stolen data includes user names and passwords.
RedHack Demands Release Of Hacker By Turkish Government
December 6, 2013 – Members of the RedHack hacking group have posted a video aimed at the Turkish government, demanding the release of suspected hacker Taylan Kulacoglu. Authorities believe that Kulacoglu is the leader of RedHack; however, the other members deny the man has any affiliation with their group. In the video the hackers said, "People practicing their right to freedom of speech and freedom of assembly is threatened with arbitrary arrests and prison. Law has lost its legitimacy and that’s why dictator PM Erdogan openly wages war against people who criticizes his ill-fated politics of divide and rule. We can only win against these evil policies if we can unite and fight." The video did not specify any planned attacks or protests.
Anonymous Responds To Tunisian Internet Censorship
December 6, 2013 – Members of the Anonymous collective have posted a new video with a message for the Tunisian government. The Tunisian government is currently considering implementing a new law that would censor what people post to the Internet. The hacktivists said, "The fact that the Tunisian government is trying to get away with stealing the People’s privacy has shocked us and has driven us to take more precautions. This censorship signifies the comeback of years of oppression and tyranny. To the Tunisian government, We are watching you from very close. We know about the financial, technological and human resources provided by the government. We know that they are financed by the taxpayers and are intended for launching a new dictatorship in the country and the Tunisian cyberspace. We do not tolerate these acts!"
JPMorgan Chase Customer Info Compromised In Server Hack
December 5, 2013 – It is being reported that the personal information of almost 465,000 JPMorgan Chase customers may have been stolen in a breach of the web servers that host the ucard.chase.com website. The breach of the UCard website occurred in July, but was not detected until the middle of September. JPMorgan is saying that there is no evidence that sensitive information has been stolen. They also said that no money was stolen in the attack. JPMorgan is only just now notifying customers because their internal investigation had been ongoing since September. The bank has not revealed any information about their investigation. The 465,000 people impacted represent 2% of the 25 million UCard customers.
Customer Information Stolen In Maple Grove Farms Hack
December 5, 2013 – A warning has been issued by B&G Foods North America, which owns the Maple Grove Farms brand, advising customers that their personal and financial information may have been compromised by an attack on the Maple Grove Farms of Vermont website. The stolen information includes names, addresses, phone numbers and payment card numbers. According to B&G Foods, additional technical security measures have now been implemented to prevent future attacks.
Anonymous Threatens Moroccan Government
December 5, 2013 – The Moroccan government is scheduled to sentence the "kissing teens" on December 6. The teens were arrested when one posted a picture of the other two kissing on Facebook. Members of the Anonymous collective have issued a warning to the Moroccan government saying that they are "ready to take action" if the sentence is deemed too harsh. The hacktivists said, "Regardless of the sentence though, Morocco will remain a focus for the Anonymous collective, for human rights violations and corruption heinous and unchecked." To prove that they are serious the hacktivists leaked data that they claim was stolen from a "prominent Moroccan financial institution."
Oregon Cities Hacked By Iranian Hacker
December 5, 2013 – The Iranian hacker known as hossein19123 has hacked and defaced the websites of City of Amity and Sutherlin City, Oregon. The hacker is a known member of the Ashiyane Digital Security Team hacking group. The defacement message on both sites reads, "Your Box Own3z By hossein19123! Ashiyane Digital Security Team! Greats All Ashiyane. Defacers! We are love Iran." At the time of this writing both sites were still displaying the defacement.
Twitter Suspends Over 30 Anonymous Accounts
December 4, 2013 – Twitter has suspended over 30 accounts related to the Anonymous movement. It appears this is a response to a campaign of abuse against feminist campaigners. Anonymous members believe that journalists Caroline Criado-Perez, Hannah Curtis and Caitlin Moran are responsible for the suspensions. One Anonymous member said, "(They) appear to have some direct line to Twitter to get accounts suspended sooner." Criado-Perez responded, "I certainly don't have the power to ban accounts, but I do report accounts that send threats and harass me. Sometimes they get suspended and sometimes they don't."
Two Million Stolen Facebook, Twitter Logins Found
December 4, 2013 – Researchers have discovered a Netherlands-based Pony Botnet Controller Server with almost two million user names and passwords of Facebook, Twitter, Google and Yahoo users. The researchers were able to hack into the Pony Botnet's admin area, which is where they found the stolen information. It is not known how exactly the credentials were originally obtained. The countries with the most stolen credentials were the Netherlands, Thailand, Germany, Singapore and Indonesia. The United States accounted for less than 2,000 stolen logins.
UK Council For Graduate Education Site Hacked And Defaced
December 4, 2013 – The hacker known as smitt3nz has hacked and defaced the website of the UK Council for Graduate Education. The defacement message reads, "So your security wasn't that tight . . . Gr33tz; smitt3nz." The hacker also leaked data stolen from the Council's database. The leaked data includes email addresses and clear text passwords of over 600 users.
Angola Government Sites Taken Down By Anonymous
December 4, 2013 – Members of the Anonymous collective have launched distributed denial-of-service attacks against all Angola government websites. This is a protest against officials accused of being involved in the killing of two political activists last year. The hacktivists have published a list of 70 websites that are targets. At one point earlier today, most of the websites were inaccessible, however most of them were quickly restored and are currently available.
96,000 Bitcoins Stolen From Sheep Marketplace
December 3, 2013 – It is being reported that 96,000 bitcoins have been stolen from the Tor-based underground marketplace, Sheep Marketplace. The site, a replacement for Silk Road, has shut down as a result of the theft. Sheep Marketplace's operators say that only 5,400 bitcoins were stolen, however other sources are reporting much higher amounts. The highest estimate is that a total of 96,000 were stolen, which is valued at almost $100 million. Sheep Marketplace is saying that a vendor found a bug in the site's systems that allowed the theft without being detected. Others, though, say that the site is actually a scam and the owners actually stole the money.
Wisconsin Man Sentenced To 2-Years Probation For Anonymous Attack
December 3, 2013 – Eric Rosol, 38, of Wisconsin has been sentenced to two years federal probation for taking part in the distributed denial-of-service attack against the website of Koch Industries in February 2011. Rosol had pleaded guilty to one misdemeanor count of accessing a protected computer. He is also ordered to pay $183,000 in restitution. Rosol was one of many people that participated in the Anonymous-led attack against Koch Industries. Authorities were able to identify him, even though he only participated in the attack for a little over one minute.
Anonymous Honduras Protests Election Fraud With Hacks
December 3, 2013 – Members of the Anonymous Honduras hacking collective have hacked and defaced several high-profile websites in Honduras. These attacks are a protest against the alleged election fraud that took place during Honduras' presidential election. The targeted sites include a state-owned tourism agency, the Department of Culture, Arts and Sports, the Secretary for Security, Interpol Honduras, the National Police, the Supreme Electoral Tribunal, the Innovation and Unity Party and the Superintendent of Public Private Partnership. The defacement messages accuse officials of manipulating the media, and they urge all citizens to collect evidence of election fraud.
706 Domains Seized For Selling Counterfeit Items
December 3, 2013 – The United States Immigration and Customs Enforcement's (ICE) Homeland Security Investigations (HSI) has partnered with law enforcement agencies from all over the world to seize Internet domain names used to sell counterfeit merchandise. The operation is known as "Project Cyber Monday IV", and has led to a total of 706 domain names being seized. The United States has seized a total of 297 domains and European agencies have seized 393 sites. Hong Kong Customs has taken down another 16 domains. Acting Director of ICE, John Sandweg said, "Working with our international partners on operations like this shows the true global impact of IP crime. Counterfeiters take advantage of the holiday season and sell cheap fakes to unsuspecting consumers everywhere. Consumers need to protect themselves, their families and their personal financial information from the criminal networks operating these bogus sites."
Malware Infects UW Medical Center, 90,000 Patients Impacted
December 2, 2013 – The University of Washington Medical Center is warning patients that their personal details may have been compromised. An employee opened an email attachment that contained malware that has led to almost 90,000 people being impacted by a data breach. The information breached includes names, medical record numbers, dates of service, dates of birth and social security numbers. The FBI is currently investigating the incident.
Israel And Saudi Arabia Working Together To Create Stuxnet-like Malware
December 2, 2013 – It is being reported that Israel and Saudi Arabia are planning to create a piece of malware that will be capable of sabotaging Iran's nuclear program. The aim of the malware is not only to sabotage Iran's nuclear program, but also to gather intelligence. The report says that the countries will be investing about $1 million in the project. The malware is being described as similar to Stuxnet, but more destructive.
70,000 Users Impacted By Vodafone Iceland Hack
December 2, 2013 – The Turkish hacker known as Maxney is claiming to have hacked the systems of Vodafone Iceland. Several of the company's domains have been defaced and details of over 70,000 customers have been leaked. The leaked information includes SMS messages, user names, user IDs, encrypted and clear text passwords, email addresses, financial information and social security numbers. Vodafone took down their website as soon as the defacements were discovered. The company said that they have brought in the country's "most talented professionals in data and network security issues" to investigate the incident.
Anonymous Hacks Venezuelan Government Sites
December 2, 2013 – Members of the Anonymous Venezuela and Anonymous Argentina collectives have hacked and defaced several Venezuelan government websites. The hacktivists left a defacement message that translates to, "This post is dedicated to all Venezuelans. We will not allow this corrupt government to dominate our way of thinking. We are prepared to face them. We will not allow Cuba to dominate our country." Some of the impacted websites have been restored, but several are still defaced. At least 10 government owned sites have been affected.
Report Warns US Army of SEA Attack
November 27, 2013 – A report has been issued by the TRADOC G-2 Intelligence Support Activity's (TRISA) Complex Operation Environment and Threat Integration Directorate (CTID) that warns the United States Army of possible cyberattacks being launched by the Syrian Electronic Army (SEA) hacking group. The report says, "The SEA is clearly a force of disruption, and the long-term implications of its continued presence might very well remain what they are today - primarily a nuisance - or the implications might become more serious if the SEA's message gains greater influence." In addition, the report provides details on past SEA attacks and techniques used by the group.
Time's Person Of The Year Poll Hacked
November 27, 2013 – Two hackers known as Gains and Marek have found a way to bypass the authentication of Time Magazine's Person of the Year poll, and have automatically cast a large number of votes for Miley Cyrus. Voters are supposed to sign in with their Facebook or Twitter accounts; however, the hackers developed scripts that allow them to vote on any Facebook user's behalf, without their knowledge. After the automated voting script was put in place, Cyrus went from 15th place to first. Edward Snowden is currently in second place and seems to have a lot of support from Anonymous members. This poll has been hacked before: in 2012 hackers rigged the system to make North Korean leader Kim Jong-un the lead vote getter. Ultimately, Time's editors will select the winner of the award.
Teen Arrested For Hack Of Sachem, NY School District
November 27, 2013 – A seventeen year old has been arrested for illegally downloading information from the computer systems of the Sachem school district in Long Island, NY. Matthew Calicchio, a student at Sachem North High School, has pleaded not guilty to the charge of computer trespass. The records of thousands of students were illegally downloaded and posted online between July and November 2013. Sachem representatives say that they are confident that their systems were not hacked from the outside. Calicchio has been released on bail and is scheduled to appear in court on December 9th.
Anonymous Korea Plans Protest For December 25th
November 27, 2013 – Members of the Anonymous Korea collective have announced a plan for its own Million Mask March on December 25, 2013. The hacktivists are asking people to join them in an anti-government protest in the Chung Gye Square in Seoul. In the video announcing the protest, the hacktivists say, "We have been deprived of things which they have promised to give. Let us remind the government that fairness, justice and freedom are more than words."
New OpKillingBay Targets Announced By Anonymous
November 26, 2013 – Members of the Anonymous collective have announced that they are extending the list of targets for OpKillingBay. The goal of the operation is to raise awareness of the slaughtering of dolphins in Japan by any means necessary, including cyberattacks, letters and messages on social media networks. The newest targets announced include Sea Life Park in Hawaii, MarineLand in Canada, Hotel Dolphin Resort in Japan, the Dolphinarium in Dubai, Ocean Park in Hong Kong and the Georgia Aquarium in the United States. The hacktivists said, "We are trying to be as transparent and open as we can be in hopes of getting more willing Anons, Hacktivist & Activist to help us out. This should be a global effort. United together to stop this [expletive] inhumane massacre and needless captivity."
Australian Crime Stoppers Site Hacked
November 26, 2013 – Members of the Indonesian BlackSinChan hacking group are claiming to have breached Australia's Crime Stoppers website. The hackers posted what they claim to be encrypted passwords and emails attached to members of various police forces. The attack was "payback for Spying (on) Indonesia!" Crime Stoppers Australia deputy chairman Peter Price said, "We don't know what some of these passwords are - we have never seen them." He did admit that, "Yes, the website was hacked and yes, they published information on the Internet, which was not of any critical relevance." The Crime Stoppers' website has been taken down for 24 hours as a precaution.
Central Bank Of India Website Defaced
November 26, 2013 – Members of the Pakistan Cyber Army and Team MaDLeeTs hacking groups have hacked and defaced a section of the Central Bank of India's website. The attack is a response to Indian hackers targeting several Pakistani sites to commemorate the November 26, 2008 Mumbai attacks. The Pakistani hackers wrote, "This attempt is in response to the Pakistani websites hacked by 'Indian Cyber Army'. We told you before too. We are sleeping but NOT dead!" The Central Bank of India took down the defaced page as soon as it was discovered.
$1 Million In Bitcoins Stolen From BIPS
November 26, 2013 – Bitcoin Payment Solutions (BIPS), a Danish bitcoin exchange, had more than $1 million in bitcoins stolen in a recent hack. In response, BIPS has temporarily shut down its consumer wallet initiative, while they re-architect the security model to prevent future attacks. The company issued a press release saying, "All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted." This is at least the third bitcoin exchange hack this month.
New York State Government Sub-Domain Defaced
November 25, 2013 – The Indonesian hacker known as Jje Incovers is claiming to have hacked and defaced a sub-domain of a New York State Government information portal. The affected domain belongs to the Hudson River Valley Greenway, which now displays a defacement page. The defacement message says, "Hacked by Jje Invcovers, I'm single Attacker !! - SANJUNGAN JIWA!!" No reason was given as to why this sub-domain was targeted. At the time of this writing the sub-domain has been taken off-line.
Anonymous Leaks Documents On Italy's Lombardy Region Governor
November 25, 2013 – As part of Operation Italy, members of the Anonymous collective have leaked documents belonging to Roberto Maroni, the current governor of Italy's Lombardy region, and former Interior Minister. The hacktivists say that Maroni is "one big corrupted son of a gun." The leak contains a 368Mb archive file that contains almost 500 documents, including a copy of Maroni's passport. Anonymous posted a message with the leaked information saying, "Tell us about your secret affairs with Aiello mafia and all the other nasty things people will find out today without your NOBLE consent. Drink expensive wine, drive expensive car pay no TAX and enjoy life while Lombardy suffers from all kinds of criminal wars and corruption." The hacktivists plan on targeting the presidents of several Italian regions, including Sicily, Tuscany, Campania and Puglia.
370 Israeli Websites Hacked By Tunisian Hacker
November 25, 2013 – The Tunisian hacker known as CapoO_TunisiAnoO is claiming to have breached and defaced 370 Israeli websites. The attacks are a show of support for Palestine. The sites had several different defacement messages, but all had the same theme. One message read, "Israel, we love to smell your fear! Hacked By CapoO_TunisiAnoO 'Tunisien Elite Hacker' Greets to All Hackers that support Gaza case! Message: This is only the beginning . . . To Catch Me, You Must Be Faster Than Lightning. To Trace Me, You Must Be the Smartest People!" The affected sites belong to private businesses in Israel.
Australian National University Hacked By Indonesian Hackers
November 25, 2013 – The Indonesian hacking group known as Gantengers Crew has hacked and defaced a sub-domain of Australian National University. The hackers say this attack is in response to Australian spying against the Indonesian government. The sub-domain belongs to the University's Deepening Histories of Place Project. The defacement message reads, "Hacked by Gantengers Crew! We Are Gantengers Crew." The hackers say they will continue targeting Australian government owned websites until an official apology is issued. At the time of this writing the site is still defaced.
Malware Targeting Apache Tomcat Servers
November 22, 2013 – Servers running Apache Tomcat are being targeted by a back door worm that acts as a Java Servlet, but instead of creating a web page, it acts like an IRC bot that receives commands from the attacker. The malware is designed to scan and infect other Tomcat servers, so users visiting the pages from the compromised server are not in any danger. Researchers believe that the purpose of the attacker is to create DDoS attacks from the compromised servers. The command and control servers have been located in Taiwan and Luxembourg.
Flaws In Google Password Recovery Allow Hackers To Hijack Accounts
November 22, 2013 – Researchers have discovered several vulnerabilities in Google's password recovery process that could have been leveraged by hackers to hijack accounts. Three types of flaws could be exploited: cross-site request forgery (CSRF), cross-site scripting (XSS) and a flow bypass. The researchers showed how combining the vulnerabilities with a realistic looking phishing email could lead to user accounts being hijacked. Ten days after being notified, Google announced that they have fixed the vulnerabilities.
Over 40 Chinese Government Sites Defaced
November 22, 2013 – Members of the Code Newbie hacking group have hacked and defaced over 40 sub-domains belonging to China's Fifth Agricultural Construction Division. The hackers, who are from Indonesia and Malaysia, say that they defaced the sites to simply test their security. The defacement pages were added to the "Images" folder of each sub-domain. Shortly after the hacks were discovered the sub-domains were taken down and fixed. However, the administrators did not patch the vulnerabilities that the hackers used, allowing the hackers to deface the sites a second time once they were back online.
Syrian Secret Police Hacked By Refugee Hackers
November 22, 2013 – A leading member of a Syrian youth opposition movement is claiming to have breached a Syrian government and secret police database. The hacker said, "It was easy to look at the secret police's systems, which were left wide open to public view. The information they held was scary." According to the hacker, the databases contained records of the web traffic for much of the Syrian population, which allowed him to identify the IP addresses of the secret police. "What we found was that agents would watch pornography whilst at work," he said.
GitHub User Accounts Hacked
November 21, 2013 – A brute force attack was launched against GitHub accounts earlier this week. Failed login attempts were seen coming from China, Venezuela, Indonesia, Ecuador and other countries. GitHub has said that some users who use weak passwords have been compromised. GitHub released a statement saying, "While we aggressively rate-limit login attempts and passwords are stored properly, this incident has involved the use of nearly 40K unique IP addresses. These addresses were used to slowly brute force weak passwords or passwords used on multiple sites. We are working on additional rate-limiting measures to address this." Users will be kept posted in case source code or sensitive information is found to have been stolen.
Pakistani Hacker Defaces Indian Radio Site
November 21, 2013 – The Pakistani hacker known as BLACK H3ART has breached and defaced the website of All India Radio Allahabad. The defacement message reads, "Before today I was only giving warning to you Indians but now you have crossed your limits by interfering in our land and killing our men on border now see how we destroy your cyberspace and your country . . . Pakistan Zindabad ALLAH HO AKBAR!!!" The hacker also referenced several other Pakistani, Syrian and Iranian hackers. At the time of this writing the defacement page was still displayed.
Australian Federal Police and Reserve Bank Of Australia Hit with DDoS Attacks
November 21, 2013 – Members of the Anonymous Indonesia collective launched distributed denial-of-service attacks against the websites of the Australian Federal Police (AFP) and the Reserve Bank of Australia (RBA). The attacks were part of the protest against the Australian spying on Indonesian government officials. The AFP says that no sensitive information was hosted on the affected site. "Activities such as hacking, creating or propagating malicious viruses or participating in DDoS attacks are not harmless fun. They can result in serious long-term consequences for individuals, such as criminal convictions or jail time," an AFP spokesman said. A RBA spokesperson said, "There has been no outage but the Bank's website has been experiencing access delays for some users. The bank's website and systems remain secure." At the time of this writing both websites are operating normally.
Anonymous Defends Moroccan "Kissing Teens"
November 21, 2013 – Members of the Anonymous collective have launched a new campaign in protest of the arrest by Moroccan authorities of two teenagers kissing and their friend who took the photo. The three teens face charges of violating public decency for sharing the photo on Facebook. The hacktivists have hacked Morocco's Department of Water, which is a branch of the Moroccan Ministry of Energy, Mines, Water and Environment. Anonymous issued a statement saying, "Drop the charges against these teenagers. Pull back from the brink of the unbelievable two year sentence they could be facing for simply expressing affection for each other and we will also back down." If authorities do not take the warning, the hacktivists say they will "rip through government servers, leaking and deleting." Sample data from the hack of the Department of Water was also released, which included personnel files, bank transfer details and passwords.
Anonymous Declares Global Cyberwar Against US Government
November 20, 2013 – Members of the Anonymous collective have posted a new video declaring "global cyberwar" against the US government. The hackers say they have been driven to this war due to the NSA spying, the Trans-Pacific Partnership and the "unjustified" sentencing of Jeremy Hammond. In the video the hackers say, "We ask the people to be aware, let the war be handled by us." They say that they don't want their supporters to launch any real-world or online protests because that hasn't been effective before.
Dating Website Hack Exposes 42 Million Plaintext Passwords
November 20, 2013 – Earlier this year, the dating website Cupid Media suffered a breach that exposed users' names, email addresses and plaintext passwords for 42 million accounts. The stolen information was found on the same servers that contain tens of millions of records stolen in separate hacks of sites including Adobe, PR Newswire and the National White Collar Crime Center. A review of the Cupid Media user information showed that more than 1.9 million accounts used the password 123456, and another 1.2 million used 111111. The company says they have notified all affected users, and are in the process of double-checking that all affected accounts have had their passwords reset.
Syrian Ministry Of Electricity Website Hacked
November 20, 2013 – The Bangladeshi hacker known as Albaze Ever is claiming to have breached and defaced the Syrian Arab Republic's Ministry of Electricity website. The defacement message left said, "Hacked by Albaze Ever! Bangladesh Grey Hat Hackers. . . too bad as we have hacked Syrian Ministry of Electricity!" The hacker did not give any reason for the attack. The site was restored, but hacked a second time by an Iraqi hacker known as Abu Abid. Abu Abid left a message in Arabic. At the time of this writing the site has been restored and is operating normally.
OpKillingBay Expands To Target SeaWorld, FedEx And Other Organizations
November 20, 2013 – Members of the Anonymous collective recently launched OpKillingBay, which initially was focused on disrupting Japanese government websites in protest of the killing of whales and orcas in Taiji, Japan. The hacktivists are now expanding the operation to target other organizations that are also "responsible for the slaughtering in Taiji, not just the Japanese government." Some of the new targets include the International Marine Animal Trainers Association, the World Association of Zoos and Aquariums, SeaWorld, FedEx and Japan Air. The hackers say that SeaWorld and other aquariums are the "main culprits" because they buy the animals from Taiji and that FedEx, Japan Air and other companies "make a profit from transporting them." The hackers released a statement saying, "They need to know and the public needs to know this is not (expletive) alright. We need to cut off the supply chain and it starts with those airlines who are complicit."
E! Online Hacked By Serbian Hacking Group
November 19, 2013 – Members of the Serbian hacking group, Tesla Team, are claiming to have breached a sub-domain of eonline.com. The E! site provides entertainment news and gossip. The hackers say they leveraged a SQL injection vulnerability in the website. A database containing lists of user names, passwords and phone numbers was posted by the hackers. Tesla Team is the group that recently breached the Vevo website.
AnonGhost Defaces Hillside, Illinois Police Department Site
November 19, 2013 – Members of the AnonGhost hacking group have breached and defaced the website of the Hillside, Illinois Police Department. The hackers left a defacement message against the "governments of the world." There was also an audio message left on the site that criticizes NATO's role in Muslim countries. At the time of this writing the site has been restored and is operating normally.
Website Of Franklin County, Ohio Hacked And Defaced
November 19, 2013 – The official website of Franklin County, Ohio has been hacked and defaced by the hacker known as /Nullroot. The hacker added the defacement page to the site; no other pages were impacted. The defacement message left reads, "Greetings to everyone at /Nullroot. We are coming back #2013!" The hacker did not leave any reason for the hack. At the time of this writing the site is still defaced.
LulzSec Peru Breaches Peru's National Police
November 19, 2013 – Members of the LulzSec Peru hacking group have hacked and defaced the website of Peru's national police. The hackers left a defacement message in Spanish that translates to, "Welcome to the new page of the National Police of Peru (a.k.a. the Delinquent Police of Peru)." Law enforcement is being targeted because the hackers feel they are "useless, corrupt, inefficient and delinquents." The hackers also accuse the authorities of taking bribes without "the slightest sense of shame." At the time of this writing the site has been restored and is operating normally.
FBI Says Anonymous Has Been Hacking Government Systems For The Past Year
November 18, 2013 – The Federal Bureau of Investigation has issued a memo that says members of the Anonymous collective have breached US government computers and stolen sensitive information in a campaign that began a year ago. According to the memo, the hackers leveraged a vulnerability in Adobe Systems' software to launch a series of hacks, then left back doors to return to several of the machines. The hacks affected computers at the Department of Energy, the US Army, the Department of Health and Human Services, the US Sentencing Commission and several other departments. Authorities believe these attacks are still active. Investigators are continuing to gather information on the scope of the campaign. It is believed the stolen data includes personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on almost 2,000 bank accounts. The FBI wrote, "It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed."
8 NASA Subdomains Hacked And Defaced
November 18, 2013 – Members of the M4STER 1T4L!4N H@CKERS TE4m are claiming to have breached and defaced eight subdomains of NASA's Ames Research Center. No motivation for the attacks was given. The defacement message simply says, "Hacked By M4STER 1T4L!4N H@CKERS TE4M." At the time of this writing the sites are off-line. This is a new hacking group and their normal techniques and targets are not yet known.
Anonymous Targets Russian Sites In Support Of Greenpeace Activists
November 18, 2013 – Members of the Anonymous collective have launched distributed denial-of-service attacks against several Russian websites in a protest against the arrests of 30 Greenpeace activists. The targeted sites include the Ministry of Foreign Affairs, the Embassy of Russia in the United States, the General Consulate of Russia in the United States and energy company Gazprom. The Greenpeace activists are charged with piracy and hooliganism and face up to 15 years in prison. Anonymous released a statement saying, "Anonymous has . . . decided to respond with Operation Green Rights. The operation is designed to target high level communication assets of the Russian Federation world wide." The hacktivists have said that if Russia doesn't release the activists the attacks will intensify.
German Web Hosting Provider Hit With Large DDoS Attack
November 18, 2013 – The German web hosting provider, Hetzner, has suffered a distributed denial-of-service attack. According to the company the first wave of the attack lasted approximately 12 hours, but resumed again a few hours later. The second wave of the attack began last night, and there has been no word from Hetzner about the attack being over. They did say, "It appears the attack switches targets." At one point, the attack was running at about 60 Gbps.
Anonymous "Will Destroy" Trans-Pacific Partnership Agreement
November 15, 2013 – Members of the Anonymous collective have issued a statement saying they will do everything in their power to destroy the proposed Trans-Pacific Partnership (TPP) agreement. TPP is a proposed law that is far stronger than the controversial SOPA or ACTA. The hacktivists said, "The TPP would restrict the world's access to knowledge and destroy the Internet as we know it. We will rise up and take back the Internet, reclaim what is ours for the good of the Earth and its people." They did not reveal any targets or dates of attacks.
Anonymous Member Arrested For Singapore Hacks
November 15, 2013 – James Raj, 35, a Singaporean hacker was arrested for hacking the website of the Ang Mo Kio town council. Raj, an admitted member of the Anonymous collective, is accused of defacing the site with the Anonymous logo and a message against Singapore's new Internet laws. The new laws were introduced in June of this year. There has been a great deal of criticism and anger among online communities and bloggers, with many believing these laws are an attempt to sideline online voice and freedom of expression.
Cracked.com Serving Malware
Moroccan Government Site Hacked By Anonymous Arabe
November 15, 2013 – The hacker known as kjfido, a known member of the Anonymous Arabe hacking group, is claiming to have hacked and defaced the website of the Moroccan province of El Jadida. The defacement message read, "Hacked by Anonymous Arabe, why we did this? Ask yourself ! Don't close your eyes . . . 'Anonymous Arabe is Everywhere' we hacked your website because its security failed. We are the leaders of the world that act in the shadow. Anonymous Arabe. We do not forgive. We do not forget. Expect us." At the time of this writing the site has been restored and is operating normally.
MacRumors Hacker Says They Won't Use Stolen Passwords
November 14, 2013 – The hacker known as Lol, a member of the group that hacked MacRumors Forum and stole user names and passwords of over 860,000 users, has said that they will not use the stolen information to compromise the accounts of people that use the same login credentials on other sites. The hacker provided information that was not publicly available to prove that he indeed was involved in the breach. MacRumors Editorial Director Arnold Kim confirmed that the information was real. Lol said in a posted statement, "We're not logging in to your gmails, apple accounts, or even your yahoo accounts (unless we target you specifically for some unrelated reason). We're not terrorists. Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place." According to the hacker, the breach of MacRumors was simply to test their skills. Lol continued by saying, "Consider the 'malicious' attack friendly. The situation could have been catastrophically worse if some fame-driven idiot was the culprit and the database were to be leaked to the public."
HealthCare.gov Targeted 16 Times By Hackers
November 14, 2013 – An official from the Department of Homeland Security told the House Homeland Security Committee that there have been 16 reports of cyberattacks on the HealthCare.gov website. At least one of these attacks was a distributed denial-of-service, which failed to disrupt the site. An unnamed DHS official has said that the 16 attempts are likely only the documented ones. Security experts agree that the Department of Health and Human Services has most likely only reported significant attacks that could put sensitive information at risk. No details were provided regarding the other attacks, or if any of them caused damage.
Leader Of Anonymous Philippines Arrested
November 14, 2013 – Rodel Plasabas, also known as Reaper, anonymousbutuan and Anon Reaper, has been arrested by officers of the Philippines' National Bureau of Investigation. Plasabas is accused of being involved in attacks against 40 government websites that occurred earlier this month. It is believed that Plasabas is the leader of the Anonymous Philippines collective. An initial investigation turned up evidence of him being involved in online conversations about hacking websites. Officials plan on prosecuting him under the e-Commerce Act.
Anonymous Japan Launches OpKillingBay
November 14, 2013 – Members of the Anonymous Japan collective have launched a new operation, known as OpKillingBay, as a protest against the killing of dolphins and orcas in Taiji, Japan. The operation will focus on attacking Japanese government websites. The hacktivists have announced plans for distributed denial-of-service attacks against the sites of the Ministry of Foreign Affairs and the Prime Minister's office. "An estimated 20,000 dolphins will be slaughtered in Taiji this year alone. If after reading that you still don't care enough to help stop the slaughter then you deserve the same fate as the Dolphins," the hacktivists said in their announcement.
MacRumors Hacked, Data For 860,000 Users Exposed
November 13, 2013 – MacRumors editors have announced that the news website has been breached. It is believed that the hackers have stolen cryptographically protected passwords belonging to all 860,000 users. Editorial Director Arnold Kim posted a statement saying, "In situations like this, it's best to assume that your MacRumors Forum username, e-mail address and (hashed) password is now known." The hacker compromised a moderator account and escalated their privileges with the goal of stealing user login credentials. MacRumors is still investigating how the hacker was able to compromise the privileged account. Kim wrote, "We're not sure how the original moderator's password was obtained, but it seems like they just logged in with it. We are looking into it further to see if there was another exploit, but there hasn't been any evidence of it yet."
Anonymous Hacked British Parliament During Million Mask March
November 13, 2013 – Members of the Anonymous collective are claiming to have hacked the British Parliament during the Million Mask March protests on November 5th. The hackers claim that they used a publicly available password for Parliament's Wi-Fi network to access the network. Once connected the hackers claim to have hijacked several computers and iPads. They are also claiming to have accessed email servers from which they stole user login details. Representatives from Parliament confirm that heavier traffic was seen on November 5th, but Parliament's secure network and applications were not breached.
TeslaTeam Hacks Vevo.com
November 13, 2013 – Vevo.com, a joint venture music video website owned by Universal Music Group, Google, Sony Music Entertainment and Abu Dhabi Media, has been breached by the Serbian hacking group, Tesla Team. The hackers leveraged a SQL injection vulnerability in one of the sub-domains of the website that allowed them access to the Vevo database. The hackers claim that the database contains emails and passwords of admins and other users. Details of the vulnerability were published in a hacker's forum in 2012.
Brazilian Government Sites Serving Fake Flash Player
November 13, 2013 – Over 60 Brazilian government websites have been breached and are now serving malware disguised as Adobe Flash Player. Visitors to the breached sites are redirected to a page designed to look like the official Adobe Flash Player download page. Instead of downloading Flash Player, victims are given a Trojan downloader, which downloads a piece of banking malware. The fake webpage is in Portuguese, indicating that these attacks are targeting Brazilian users.
Over 200,000 Banking Trojans Found In Last Quarter
November 12, 2013 – A recent report shows that the number of online banking Trojans has risen to over 200,000 for the third quarter of 2013, compared to 132,000 in the third quarter of 2012. The most targeted countries were the United States (23%), Brazil (16%), Japan (12%), India (6%) and Australia (3%). The most popular malware spread by spam were ZeuS variants. The report also showed that most mobile threats target the Android platform; however, it seems that cybercriminals are beginning to use more malicious applications that are able to target multiple operating systems.
5 Arrested For Hack Of Singapore Prime Minister Website
November 12, 2013 – Five Singapore men have been arrested for allegedly hacking the websites of Singapore's President and Prime Minister. Muhammad Fitri Abu Kasim, 24, Daniel Ryan Salleh, 25, Mohamad Fadzly Aziz, 21, Muhammad Redzwan Baskin, 26 and Muhammad Qamarul Arifin Sa'adon, 22 have been released on bail, but if found guilty will face jail terms of up to three years or fines of up to $2,000. A Home Affairs Ministry spokesperson said, "Such acts can compromise the operation of critical services, cause alarm, damage and harm, and have serious security, economic and social consequences for Singapore and Singaporeans." Three of the suspects are related, while the other two are friends.
Japanese Anti-Nuclear Groups Hit With DoS Attacks
November 12, 2013 – Over 30 Japanese anti-nuclear groups have been hit with millions of spam emails over the past two months in a denial-of-service email campaign. The groups include Women's Active Museum on War and Peace, the Metropolitan Coalition Against Nukes and Fukushima Genpatsu Kokusodan, an organization dedicated to filing complaints about the Fukushima nuclear plant. Some of the emails read, "Unless we kill all of the anti-nuclear believers, world peace will never be achieved."
AXA Insurance Site Defaced By Anonymous Gabon
November 12, 2013 – The website of AXA Gabon has been breached and defaced by members of the Anonymous Gabon collective. The hackers say that this attack is part of Operation Gabon, which is a protest against the Gabonese government. The defacement message said, "With the rise on ritual killings in Gabon and a highly projected increase within the Gabonese economy for the financial & life insurance market, the AXA group has found a perfect position in Gabon with the help of Ali Bongo." At the time of this writing the website has been restored and is operating normally.
Syrian Electronic Army Hacks Vice.com
November 11, 2013 – In August of this year, Vice.com published an article that claimed to identify the leader of the Syrian Electronic Army (SEA). In response to this article, which SEA members say is false and identifies innocent people, the hackers have breached the Vice.com website and deleted the article. The hackers posted a message saying, "Your website was hacked by the Syrian Electronic Army. This time we just deleted the article that you claimed in it that you exposed 'Th3Pro' identity. But you didn’t. You published names of innocent people instead." SEA gained access to the Vice site by breaching several email accounts, including one belonging to the website developer. Two hours after the breach, the Vice.com site was restored and the article was posted again.
Anonymous Leaks Italian Government Documents
November 11, 2013 – Members of Anonymous are claiming to have hacked the personal computer and mobile devices of Giuseppe Scopelliti, an Italian politician and the elected president of Calabria. The hacktivists leaked over 1,000 documents from this hack, which included information related to the mafia, drugs and corruption. The files also include emails that allegedly belong to Scopelliti and other members of his staff. A message was posted with the leaked documents saying, "This is just a beginning. People of Italia do have the right to know what the government is involved in, especially when it comes to mafia wars and corruption in the region." The hackers said their next targets are the leaders of regions such as Lombardia, Sicilia, Toscana, Campania and Puglia. All of these attacks are part of OpItaly.
21 Brazilian Military Sites Hacked By BMPoC
November 11, 2013 – Members of the BMPoC hacking group are claiming to have hacked and defaced twenty-one sub-domains of Brazil's military. The same defacement message appeared on all the sites reading, "The giant awoke and took a rank again durmir again ..Brazil has to stop all at once.Come on Brazil! Our government is now just right? HAHA of course not! I dont just login to facebook and waste time, I know what I do!" The affected sites belong to departments of the Brazilian military's aeronautical directorate, including the aeronautical hospital, aeronautical academy, aeronautical health center and aeronautical training institute. At the time of this writing all of the sites were still displaying the defacement page.
Indonesia Hackers Not Listening To Warning From Anonymous Australia
November 11, 2013 – Last week members of the Anonymous Australia collective issued a warning to Indonesian hackers that were attacking "innocent websites." Anonymous Australia warned the Indonesian hackers to only target government sites or there would be consequences. After a day during which the hackers only attacked Australian government websites, the Indonesians have once again started attacking innocent businesses. It appears that the hackers had difficulty hacking government sites, so they went back to focusing on the individual businesses. Anonymous Australia has issued a "final warning": if the Indonesian hackers do not listen, they will have to face the "wrath of their fellow legion."
Healthcare.gov Targeted By New DoS Attack Tool
November 8, 2013 – Researchers have discovered a new denial-of-service attack tool targeting Healthcare.gov. The tool has not yet succeeded in taking the site down; however, it may be making the site inaccessible for some visitors. According to the researchers, the program being used to create the attack displays a message saying, "This program continually displays alternate page of the ObamaCare website . . . The purpose is to overload the ObamaCare website, to deny service to users and perhaps overload and crash the system." It appears that the motivation behind this attack is a protest against policies, legal rulings and government actions.
Singapore Prime Minister's Website Hacked By Anonymous
November 8, 2013 – Members of the Anonymous collective have hacked and defaced the website of Singapore Prime Minister Lee Hsien Loong. According to Singapore's Infocomm Development Authority (IDA), the attack exploited a cross-site scripting vulnerability in the search subpage of the website. The defacement message said, "Anonymous SG was here . . . It's great to be Singaporean today." The IDA released a statement saying, "The PMO main website is still working, and we will restore the compromised pages as soon as possible. The matter is under investigation."
Australia's Security Intelligence Organization Site Taken Down By Indonesian Hackers
November 8, 2013 – Indonesian hackers are taking credit for briefly taking down the website of the Australian Security Intelligence Organization (ASIO). The site was only down for 2 - 3 minutes and did not cause any real damage. Earlier this week Anonymous Australia warned Indonesian hackers to only target Australian government sites and leave innocent businesses alone. Anonymous Australia sees this attack as a sign the hackers are listening to their warning. This attack and the earlier attacks against Australian websites are a protest against Australia's spying on Indonesia.
India's Zee TV Hacked By Pakistanis
November 8, 2013 – Members of the Pakistani Cyber Experts hacking group have hacked and defaced three websites belonging to India's Zee TV. The affected sites are Zee TV USA, Zee TV South Africa and Zee TV Canada. The defacement message on each site is a protest against the Indian occupation of Kashmir. The hackers write, "Kashmir does not want militarized governance. They just want freedom! Freedom from the evil of the Indian Military!" At the time of this writing, only Zee TV Canada is still defaced; the other sites are restored and operating normally.
Over $1 Million In Bitcoins Stolen In Hack Of Bitcoin Wallet Inputs.io
November 7, 2013 – The Inputs.io Bitcoin wallet has announced that a total of 4,100 Bitcoins, the equivalent of about $1.1 million, was stolen as a result of two hacks. At this time Inputs.io says it cannot pay user balances. The hackers compromised old email accounts in order to breach the hosting account. The hackers were able to bypass the two-factor authentication mechanism by exploiting a server-side vulnerability. Bitcoin back-end code was also stolen and sent to a compromised server. Users of the service are instructed to contact Inputs.io to request a refund.
Anonymous Ukraine Targets NATO With DDoS Attack
November 7, 2013 – Members of the Anonymous Ukraine collective have launched a distributed denial-of-service attack against the website of NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE). The attack was a response to NATO's hacking of a number of Ukrainian government websites. The hackers posted a statement saying, "On Monday NATO CCDCOE hacked a number of Ukrainian websites including Medical Department of Security Service of Ukraine and Ukraine's Prosecutor General's Office. It's payback time! We've just tango down NATO CCDCOE!" Earlier this week it was determined that NATO was not responsible for the attacks against the Ukrainian government; hackers simply put the CCDCOE logo on pages that were defaced. The CCDCOE website was down for about two hours before being restored.
Anonymous Australia Calls On Indonesian Hackers To Leave Innocents Alone
November 7, 2013 – Earlier this week, Indonesian hackers attacked hundreds of Australian websites in response to news that the Australian government had been spying on Indonesia. Many of the organizations affected by these attacks belonged to Australian businesses that have nothing to do with the government. Members of Anonymous Australia have posted a statement addressed to the Indonesian hackers saying, "Innocent businesses should not be attacked. We all bound together in an effort to bring down tyrant governments to shape our world as a better place. We bid you, as a fellow brother to focus on your main target - governments and spy agencies and leave the innocent bystanders out of this." Anonymous Australia warned that if the Indonesian hackers ignore this request, they will "feel the full wrath of their fellow legion."
Philippine National Police Regional Offices Hacked
November 7, 2013 – Members of the hacking groups Phantom Hackers PH and Pinoy Vendeta have hacked two websites of the Philippine National Police Regional Office 1, and two websites of the Philippine National Police Regional Office 3. The hackers left defacement messages on the sites saying the police have falsely accused people of hacking websites. One of the messages reads, "Don't be so desperate on hunting and shutting down Anonymous Philippines by picking anyone and accusing them of anything." At the time of this writing, only one of the sites has been fully restored.
5 Hackers Added To FBI's Cyber's Most Wanted List
November 6, 2013 – The US Federal Bureau of Investigation has updated its Cyber's Most Wanted List to include five new hackers, bringing the total to 17 fugitives urgently wanted for computer and data-related crimes. One of the hackers is Andrey Nabilevich Taame, a Russian wanted for involvement with the DNSChanger malware that infected over four million PCs between 2007 and 2011. Two Pakistani hackers, Farhan Arshad and Noor Aziz Uddin, are wanted for hacking business telephone systems and making calls that resulted in $50 million in losses. An El Salvadoran hacker, Carlos Enrique Perez-Melara, is charged with running a spyware-for-hire scheme out of San Diego, before fleeing back to El Salvador. The final addition to the list is a Russian, Alexsey Belan, who allegedly remotely accessed the computer networks of three US-based companies in 2012 and 2013 and stole sensitive data as well as employees' identities. FBI spokesman Richard McFeely said, "Throughout its history, the FBI has depended on the public's help and support to bring criminals to justice. That was true in the gangster era, and it's just as true in the cyber era."
Microsoft Warns Of Targeted Attacks
November 6, 2013 – Microsoft issued a warning about a vulnerability in its software that could be exploited by hackers. The vulnerability could be leveraged to allow remote code execution, giving the attacker the same user rights as the current user. In the warning, Microsoft said it is "aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products." The vulnerability affects Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003-2010 and Microsoft Lync. The flaw is currently being investigated and Microsoft stated, "Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."
Twitter Vulnerability Allows Hackers To Read DMs
November 6, 2013 – A cross-site request forgery (CSRF) vulnerability was discovered in Twitter's "add mobile device feature". This feature allows users to control their account via SMS. The CSRF vulnerability could be leveraged to gain access to a user's direct messages and post tweets from any account. Twitter fixed the vulnerability the same day they received notification about it from security researchers.
Philippines Disaster Information Project Site Breached
November 6, 2013 – The website for the Philippines' Disaster Information for Nationwide Awareness (DINA) Project has been breached. The hackers changed the configuration on the site so that visitors are redirected to an adult site. The redirection only occurs if someone visits the site from a mobile device. The attack happened just as the National Disaster Risk Reduction and Management Council (NDRRMC) was preparing to launch the DINA Project. No one has taken credit for the attack at this time. The NDRRMC is urging visitors to only use desktop computers and laptops until the problem is fixed.
Harbor Freight Tools Breached
November 5, 2013 – Customers of Harbor Freight Tools have been notified that some of their financial information may have been breached after the company's payment processing system was hacked. Eric Smidt, Harbor Freight Tools' President, said that only customers who made transactions between May 6, 2013 and June 30, 2013 are affected. In most cases credit card numbers, expiration dates and CVVs were exposed. They believe that the cybercriminals obtained cardholder names in only 1% of the transactions. The company has sent out notification letters to impacted customers and has posted notices in all of its stores and on its website. The investigation into the incident is on-going.
Guilford County, NC Sheriff's Office Site Hacked
November 5, 2013 – Officials from the Guilford County, NC Sheriff's office have confirmed that their website has been hacked. Google has been warning visitors that the "site may be hacked" for the past several weeks. Representatives of the Sheriff's office say that the site has been reinstalled from a clean backup and is now functioning normally. It is believed that the hackers exploited a vulnerability in GoDaddy's system, not a security hole in the website itself.
Smart Calendar App, Sunrise, Hacked
November 5, 2013 – The smart calendar app, Sunrise, has advised their users that the service was hacked over the weekend. Sunrise CEO Pierre Valade sent an email to users saying that they have already taken steps to protect user information. The company says that LinkedIn, Foursquare and Producteev data is safe as those services were not compromised. Also, user emails and passwords are safe as these were all encrypted. Valade does advise users that if they connected iCloud to their account, they should reset their passwords and reconnect the app with Apple's cloud and storage service. In addition, Valade said that no credit card or banking information was compromised.
Romanian Telecom, AdNet, Breached
November 5, 2013 – AdNet Telecom, a major Romanian telecommunications provider, has been breached by the Saudi Arabian hacker known as King of Control. Two sites belonging to AdNet have been compromised: the company's main domain and a domain dedicated to web hosting services. Both sites were initially taken offline, but have now been restored. Security experts have confirmed that this was not a case of DNS hijacking. AdNet has not issued any statement at this time.
Celebs, Execs And Lawmakers Among 850,000 Users Compromised By Limo Company Hack
November 4, 2013 – The hackers responsible for the Adobe and PR Newswire hacks appear to be behind the breach of CorporateCarOnline, which provides software management solutions for limousine companies. The breach resulted in 850,000 user records being stolen. The system stores personal and financial details from reservations, several of which belong to celebrities, executives and lawmakers. The stolen information includes names, addresses, credit card numbers and expiration dates. Some of the affected individuals include LeBron James, Aaron Rodgers, Tom Hanks, Donald Trump, Senator Mark Udall, Senator Tom Daschle and US Representatives Joe Garcia, Gus Bilirakis, Jim Matheson, Lynn Westmoreland and Joe Baca. The stolen file was found on the same server on which the Adobe and PR Newswire files were found. CorporateCarOnline has confirmed that the information has been stolen, but has provided no other details.
Chinese Chamber Of Commerce Data Leaked By Hackers
November 4, 2013 – The hacking group known as Raptor Swag is claiming to have hacked the website of China's Chamber of Commerce. The hackers have released a 7.4Mb file that contains allegedly stolen data from the Chamber of Commerce. A message was released with the data saying, "China is silly. They toss around images of their powerful army and their unstoppable government, yet . . . they do not sufficiently secure their systems from basic attacks." The hackers claim to have hacked a total of 71 Chinese government websites. The members of Raptor Swag are a group of people that used to hack as part of the Anonymous collective, but decided to create their own group because Anonymous "put a restriction on what we feel matters most - self amusement."
"NATO" Defaces Ukrainian Government Sites
November 4, 2013 – Four Ukrainian government websites have been defaced with a message reading, "Website has been suspended. Security policy of the website does not meet the requirements of NATO Cooperative Cyber Defence Centre of Excellence. Steadfast Jazz 2013." The CCDCOE has said that NATO has absolutely nothing to do with this or any other website hacks. Experts believe that this hack is related to Anonymous Ukraine's Operation Independence, which is targeting high-profile websites of the European Union, Ukraine, Poland and Russia.
Singapore Government Preparing For Anonymous Attacks
November 4, 2013 – Several days ago, Anonymous members announced that they would be targeting the Singapore government in protest of the implementation of the Internet licensing framework, which they see as a form of censorship. Since that time several government sites have gone offline, but the Infocomm Development Authority (IDA) has said that the down times are a result of planned maintenance, not Anonymous. The IDA said that they are taking the Anonymous threats very seriously, and government agencies are enhancing their IT security. At this time the only hack reported was of the Straits Times newspaper last week.
TeamBerserk To Stop Hacking Activities
November 1, 2013 – Members of the TeamBerserk hacking group have announced that they will stop their hacking activities, at least for a while. TeamBerserk is known for several hacks including the US Office of Personnel Management, Interactive Data, the Chinese University of Hong Kong, New Mexico ISP Plateau, Loretto Telecom and California-based ISP Sebastian. The hackers posted a message saying, "TeamBerserk is going dark for a while until further notice. MechAnimA has just got out of jail. Gutts and MechAnimA will be working on some other projects together. D0n and other members are too busy with their personal affairs at the moment to be active." There is no concern among team members about law enforcement identifying them, with the hackers saying that the authorities are "not even close."
Finland Accuses China And Russia Of Cyber Espionage
November 1, 2013 – Finland's government communications have been targeted in a four-year long cyber espionage operation, according to the Ministry of Foreign Affairs. Although officials have not assigned blame, China and Russia have been accused by other sources of being behind the operation. The data breaches were first discovered in the spring of this year. The espionage campaign appears to have targeted communications between Finnish and European Union officials. An investigation into the attack is on-going.
Anonymous Targeting Singapore Government
November 1, 2013 – Members of the Anonymous collective have announced that a new campaign targeting the government of Singapore has begun. The first attack of the operation was against the website of The Straits Times, a major Singapore newspaper. The hacktivists said the reason for this operation is to show the government that it can't ignore its citizens' problems, and to protest the Internet licensing framework. The hacktivists said in a statement, "No one has the right to tell an individual what he can or cannot read or write. This is a basic fundamental of democracy and we will use everything in our resources to protect it at all costs. We demand you reconsider the regulations of your framework or we will be forced to go to war with you." The main target for this operation will be the Infocomm Development Authority of Singapore, which is in charge of the development and growth of Singapore's information and communications sector.
Indian Television Channel Defaced By Pakistani Hackers
November 1, 2013 – Members of the Pakistani Haxors Crew (PHC) are claiming to have hacked and defaced several websites belonging to Jaya TV, one of India's largest television channels. PHC has a history of protesting against "Indian oppression and Indian occupation." PHC left a message on the defaced sites saying, "Islam Zindabad, Long Live Muslims, Pakistan Zindabad. We are PHC. We Just Want Justice & Peace." At the time of this writing, some of the sites were still displaying the defacement message.
HealthCare.gov Full Of Security Vulnerabilities
October 31, 2013 – Security experts have been studying the new HealthCare.gov website since its launch on October 1st. The result of these studies has been the discovery of several security vulnerabilities. Experts have found that hackers can easily access user names, password reset codes, email addresses and security questions, without needing any kind of authentication. A memo from September 27th, prior to the site launch, to Center for Medicare and Medicaid Services Administrator Marilyn Tavenner says, "From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk . . . the security contractor has not been able to test all of the security controls in one complete version of the system." Several security holes have already been fixed, but several remain that increase the risk of personal information being leaked.
TurkHackTeam Celebrates Turkish Republic Day With 500 Hacks
October 31, 2013 – Members of the TurkHackTeam hacking group claim to have hacked and defaced 500 websites in celebration of Turkish Republic Day. The defacement message on the sites reads, "We will continue and do everything in our power to end the lives of sites that are against the republic of Turkey . . .We wish Turks all around a happy republic day. Tolerance can be endless, but hardiness is limited." The affected sites were from several countries and included hospitals, schools, software houses, real estate businesses and financial institutions. At the time of this writing most of the sites were still defaced or taken offline.
Anonymous Ukraine Launches OpIndependence
October 31, 2013 – Members of the Anonymous Ukraine collective have announced the beginning of OpIndependence, a campaign to promote Ukraine's independence from the European Union, NATO and Russia. The hacktivists posted a message saying, "Ukrainian citizens realize that signing the Association Agreement with the European Union, scheduled in November, will lead to the collapse of Ukrainian economy in the near future. We express our support to the people of our country. We want Ukrainian government and EU leadership to understand that people of Ukraine do not want their country to become a raw material donor to Europe." As part of this operation a distributed denial-of-service attack has been launched against the European Investment Bank website. Other targets of attacks include Poland's Chief Sanitary Inspectorate, Russian portal Russkie.org and Poland's Zieloni RP party.
Three Italian Educational Institutions Defaced
October 31, 2013 – The hacker known as Ammar Liverpool is taking credit for the breaching and defacement of three Italian educational institution websites. All of the sites are hosted on government domains. The affected websites belong to the State High School Eleonora Pimentel Fonseca, the Comprehensive Institute Russo-Montale and the Comprehensive Institute Capaccio-Paestum. Experts are assuming that the hacker was able to compromise the hosting server, which would provide easy access to deface these sites. At the time of this writing, the sites are still defaced.
Twitter Vulnerabilities Allow Arbitrary File Uploads
October 30, 2013 – Security researchers have discovered vulnerabilities in Twitter that could be leveraged by hackers to upload arbitrary files to Twitter's systems. The first vulnerability was discovered on dev.twitter.com, which is a site that allows developers to create applications that integrate with Twitter. The vulnerability allows users to bypass security checks and upload any type of file to the server. Hackers could exploit this to turn the Twitter server into a command and control server since it is a trusted domain. The second vulnerability that was discovered allowed attackers to redirect users to arbitrary websites. Both vulnerabilities have now been fixed by Twitter.
Anonymous Focusing On Syrian Government
October 30, 2013 – Members of the Anonymous collective are continuing their OpSyria campaign and are focused on breaching Syrian government systems. The hacktivists say that they consider all Syrian government systems targets. They posted a statement saying, "Finding documents regarding the use of chemical weapons is a top priority but the hacks are a great way for us to show the Syrian Regime, 'Hey. We're still watching you - and we're going to keep doing this until your people realize that they are our ally.'" Anonymous said that they have several people working full time looking for vulnerabilities in Syrian government websites. The hacktivists want to make sure the Syrian government understands, "We are already inside your databases."
Interpol Indonesia Taken Down As Part Of OpThrowBack
October 30, 2013 – The hacker known as Fu7ion is claiming to have taken down the website of Interpol Indonesia. Fu7ion is a member of the Anonymous collective and said that this attack was a part of OpThrowBack. The hacker used a SYN flood to overwhelm the website's servers. The official start of OpThrowBack is scheduled for tomorrow. At the time of this writing, the website is still down.
Miami Dolphins Cheerleaders Site Hacked
October 30, 2013 – The website of the Miami Dolphins cheerleaders has been hacked. Visitors to the site from mobile devices were being redirected to an adult website. Dolphins representatives said that they rushed to fix the issue as soon as they were aware of it. The team has launched an investigation to find who is responsible for the attack. At the time of this writing the site is operating normally.
Syrian Electronic Army Hacks Obama's Social Media Accounts
October 29, 2013 – Members of the Syrian Electronic Army (SEA) have hacked President Barack Obama's Twitter and Facebook accounts. The hackers were able to compromise the accounts by taking advantage of a URL shortening service used for the social media accounts by Organizing for Action, Obama's campaign organization. SEA changed all of the links from Obama's messages to lead to a 24-minute video called "Syria facing terrorism." The hackers said, "We are watching you, Obama Bin Laden. Thank you Obama for redirecting people to the SEA website." They continued, "Obama doesn't have any ethical issues with spying on the world, so we took it upon ourselves to return the favor." The hackers hacked a total of eight email accounts which gave them access to Blue State Digital, a media strategy and technology firm that handled the Obama campaign between 2008 and 2012, and ShortSwitch, the URL shortening service used by Organizing for Action. Once SEA had access to the Blue State Digital and ShortSwitch accounts, they were able to redirect certain links to any website.
Anonymous Plans DDoS Attacks On "High Profile" Sites
October 29, 2013 – Members of the Anonymous collective have announced a new operation called Operation Throwback. The OpThrowback attacks are intended "to strike back against the oppressors of our freedom." The operation will consist of distributed denial-of-service attacks against high profile websites. They are planning attacks on the sites of the FBI, the NSA, Verizon, Microsoft and AT&T on October 31. The hackers say they will be testing their "firepower" today against the American Nazi Party website.
At Least 38 Million Adobe Users Affected By This Month's Hack
October 29, 2013 – More information is being reported about the hacking of Adobe's systems earlier this month. The attack led to the source code for several Adobe products being stolen, along with user information. Adobe initially said information of 2.9 million customers was stolen, but now they are admitting that the number is much higher. Heather Edell, an Adobe spokesperson, said, "So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and encrypted passwords for approximately 38 million active users." The company also confirmed that some of the source code for Photoshop was stolen in addition to the source code for Acrobat, Reader and ColdFusion. Edell also said, "We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident."
UK Man Arrested For Hacking US Government Networks
October 29, 2013 – Lauri Love, 28, of Stradishall, England has been arrested and charged with hacking computer networks belonging to the United States and other countries. Authorities from the US are charging Love with the hacking of systems belonging to the Army, the Missile Defense Agency, the Environmental Protection Agency and NASA, causing millions of dollars in damages. US Attorney Paul Fishman said, "Lauri Love and conspirators hacked into thousands of networks. . . As part of their alleged scheme, they stole military data and personal identifying information belonging to servicemen and women. Such conduct endangers the security of our country and is an affront to those who serve." Love is charged with one count of accessing a US department or agency computer without authorization and one count of conspiracy to access a US department or agency computer without authorization. The sentence for these charges could be five years in prison for each count.
Obama Campaign Site Hacked By Syrian Electronic Army
October 28, 2013 – It appears that over the weekend a website for President Barack Obama's campaign donations was hacked and was redirecting visitors to the Syrian Electronic Army (SEA) website. The hacked site is donate.barackobama.com, which is actually an old site used to collect donations. A different site is currently used by the Obama campaign, contribute.barackobama.com. SEA has made no statement about this hack and it is unclear if they truly are the ones behind it. At the time of this writing the site is operating normally and no longer redirects.
Buffer Hacked, Spam Sent From User Accounts
October 28, 2013 – Buffer, the service that allows users to schedule posts on various social media websites, was hacked over the weekend. The hackers used the access to send spam messages via the social media accounts of Buffer users. Buffer disabled all postings once the breach was discovered. No information was stolen during the hack, and no social media accounts were actually compromised. Facebook is reporting that a total of 30,000 users who have their Facebook accounts linked to Buffer have been impacted by the spam problem. That represents 6.3% of Buffer users on Facebook. Buffer CEO Joel Gascoigne posted a message saying, "We have added encryption of OAuth access tokens and we have changed all API calls to use an added security parameter. Service has resumed with increased security since the incidents." Several security experts have been brought in to investigate the source of the breach.
Turkish Hackers Deface Alexza Pharmaceuticals
October 28, 2013 – Members of the Ayyidiz Tim Turkish hacking group are claiming to have breached the website of Alexza Pharmaceuticals. Alexza is based in California and develops products for the treatment of central nervous system conditions. The Alexza website has been defaced with a message of protest against anyone that insults Islam. The defacement message also had statements of support for Muslims in Turkestan and in Arakan. At the time of this writing the site is still defaced.
Canadian 12-Year-Old Admits To Hacking For Anonymous
October 28, 2013 – A 12-year-old Canadian boy has pleaded guilty to hacking multiple government and police websites for the Anonymous collective. The boy said he traded the stolen information to members of Anonymous in exchange for video games. Some of the sites he admitted to hacking include the Montreal police, the Quebec Institute of Public Health and the Chilean government. His attacks included distributed denial-of-service, site defacements and stealing user information. According to court documents, it is estimated that the boy did $60,000 worth of damage.
Civil Air Patrol Domain Defaced By Malaysian Hackers
October 25, 2013 – The Malaysian hacking group known as KamiSecTeam is claiming to have breached and defaced the website of the Northern Region Civil Air Patrol of the United States Air Force. The Civil Air Patrol is an auxiliary of the US Air Force that performs 90% of continental US inland search and rescue missions. The hackers defaced the page with the KamiSecTeam logo, but did not give a reason for the attack. At the time of this writing, the site has been restored and is functioning normally.
Anonymous Leaks 80 Mb From Syrian Patent Office
October 25, 2013 – Members of the Anonymous collective have leaked 80Mb of documents and images from the Syrian Patent Office, as a part of OpSyria. It appears that the documents that were leaked do not contain any sensitive information. The documents include memos, information on patents, legislation, brochures and various registration forms. The hackers left a message saying, "Greetings from Anonymous. Lately we've been on a roll, having fun looting everything we can get our hands on. . . we continue to pile on our personal collection of Bashar's property." According to the hackers, they are working in concentrated and effective teams to ensure their operations are carried out "swiftly and properly."
Anti-Virus Company, ESET, Defaced By MrDOx
October 25, 2013 – Four Spanish domains of the anti-virus company ESET have been breached and defaced by the Panamanian hacker known as MrDOx. The defacement on all of the sites said, "D3fac3D By MrDOx." The pages also include a link to the hacker's Twitter handle. The hacker made no mention of the reason for the hack. At the time of this writing all four of the domains and the official ESET domain for Spain were taken offline.
Tunisian Hackers Breach Site Of African Petroleum Producers' Association
October 25, 2013 – Members of the Tunisian hacking group known as Fallaga Team Tunisia have breached and defaced the website of the African Petroleum Producers' Association (APPA). A defacement message was left, saying, "Hacked by TN_X2X, PSO@hotmail.com, Fallaga Team Tunisia Hackers. TN_X2X and we will be back." The APPA is an intergovernmental organization with eighteen member countries including Algeria, Angola, Benin, Cameroon, Chad, Democratic Republic of Congo, Congo, Cote d'Ivoire, Egypt, Gabon, Ghana, Equatorial Guinea, South Africa, Libya, Mauritania, Niger, Nigeria and Sudan. It is unclear if the hackers accessed any sensitive information. At the time of this writing the site has been restored and is functioning normally.
64% Of Energy Companies Face Brute Force Attacks
October 24, 2013 – A recently released report shows that 64% of energy companies were targeted by brute force attacks during a six-month study. Energy companies are a prime target for hackers because of the dependence the population and businesses have on the availability of energy resources. Sixty-one percent of energy companies reported being targeted in malware/botnet infiltration attacks. In comparison, only 34% of companies in the total study experienced brute force attacks and 13% of all companies were targeted by malware/botnet infiltration attacks.
Anonymous Hacks Syria's Higher Commission For Scientific Research
October 24, 2013 – Members of the Anonymous collective have breached and leaked data from Syria's Higher Commission for Scientific Research systems. The hackers say that the breach and data leak are part of OpSyria. The leaked information includes database structure details, user names, hashed passwords, network map data and emails. The breach was of an FTP server, and the hackers say they also have access to Syrian government emails. A message was posted along with the leaked data saying, "Assad, we hope we've made ourselves clear. We REFUSE to tolerate your actions of gassing your own innocent people in a despotic and run-down capital where one cannot walk across the street without taking gunfire. If the Western World won't take action to show you where you went wrong, we certainly will."
Russian Government Targeted By Anonymous
October 24, 2013 – Members of the Anonymous collective have launched a distributed denial-of-service attack against the online portal of the Government of Russia. The hackers say that the attack is a protest against the arrests of Greenpeace activists. A message was posted saying, "This TangoDown is in support of jailed GreenPeace activists who staged a protest against oil exploration in the Arctic Ocean last month." At the time of this writing the website is functioning normally.
North Korea Accused Of Using Free-To-Play Video Games As Cyberweapons
October 24, 2013 – South Korea's National Police are warning online gamers that free-to-play video games are being used by North Korea to infect players with malware that will collect user data and could be used to launch cyberattacks. The Washington Post reports that North Korea has already employed this method to infect 100,000 South Korean computers that were used to launch cyberattacks against South Korea's Incheon International Airport last year. Last year's attack was traced back to North Korea's Reconnaissance General Bureau. Previous North Korean attacks have targeted South Korean television, financial institutions and air and marine traffic controls.
US Department Of State Website Hacked
October 23, 2013 – The Indonesian hacker known as Dbuzz has hacked and defaced the official blog of a US Department of State website that deals with US embassies, consulates and diplomatic missions from across the world. The hacker left a message saying, "Hacked by Dbuzz! Secure Your Box. Cheers To: Black Angels - pH4THOrMOn - Pak RT!" The website provides information regarding US embassies and diplomatic missions in Africa, Europe and Asia. At the time of this writing the blog site is restored and operating normally. Dbuzz is also claiming to have hacked and defaced the Department of State's Our Planet subdomain. The same defacement message appeared on this site. The site is currently offline.
RedHack Leaks Documents From Turkey's Minister For EU Affairs
October 23, 2013 – Members of the RedHack hacking group have posted documents about the candidacy of Egemen Bagis, current minister for EU Affairs and chief negotiator for the Istanbul Metropolitan Municipality. The leaked files include information on Bagis' income, communications with foreign officials, daily activities and official meetings. A total of 18 documents have been published, and the hackers say they will post 18 documents per day over the "upcoming period."
Anonymous Breaches Ukraine's Ministry Of Foreign Affairs, Leak Information
October 23, 2013 – Members of the Anonymous collective are claiming to have hacked the systems of Ukraine's Ministry of Foreign Affairs. The hackers say they were able to breach the systems by hacking a Ukrainian telecom company, EuroTraceTelcom. A large number of documents have been leaked, mostly concerning Ukraine relations with Azerbaijan. The hackers explained, "We started our release from Ukraine Embassy to Azerbaijan because we are very much concerned about state of affairs in UKR AZERI relations in terms of oil and gas trade and we know that much of it has to do with former Prime Minister of Ukraine - Tymoshenko."
OpSerbia Set For November 28, 2013
October 23, 2013 – A newly formed hacking group known as Pentagon Security Team has announced that Operation Serbia will take place on November 28, 2013. The hacking group appears to be made up of Albanian professional hackers from other known hacking groups. OpSerbia is a protest against war crimes carried out by the Serbian Army and government during the war between Kosovo and Bosnia. The hackers say they are also protesting corruption in Serbian government.
Verizon Portal Vulnerability Reveals Users' SMS History
October 22, 2013 – Researchers have discovered a privacy vulnerability on Verizon Wireless's customer portal, which allows anyone to download users' SMS history and numbers of people the user communicated with. The vulnerability is a simple URL exploit that allows any subscriber to extract data using the "Download to SpreadSheet" function. This vulnerability could potentially expose tens of millions of Verizon users' contact lists and texting history. Verizon has not issued a statement about this issue.
Hackers Steal $100,000 From California ISP Users
October 22, 2013 – The hacking group TeamBerserk is claiming to have stolen $100,000 by using user names and passwords stolen from California ISP Sebastian. The user names and passwords were used to access the users' bank accounts. The hackers detailed how they used a SQL injection attack against Sebastian to access the customers' database and then, using the stolen information, were able to access the victims' Gmail accounts, linked PayPal accounts and bank accounts.
International Atomic Energy Agency Infected With Malware
October 22, 2013 – The International Atomic Energy Agency (IAEA) has issued a statement saying that some of its computers have been infected by malicious software. IAEA spokesman Serge Gas said, "No data from the IAEA network has been affected." It is not clear how the malware entered their systems. Initially they looked into whether a third-party technician or visitor could have used a USB drive to insert the malware. Gas said, "The (IAEA) secretariat does not believe that the USB devices themselves were infected or that they could spread the malware further." Details of the malware were not disclosed.
Paraguay's National Police Site Defaced
October 22, 2013 – The hacker known as TuNoVaTo has breached and defaced the website of Paraguay's National Police. The hacker left a message on the site saying, "Sorry Admin, you have a security breach. My Crime: Curiosity. Do not accuse me for this, this is just your fault, not mine. Sovereignty is the right of the people to elect their government, its laws and it is respected! Capitalist Government Corrupt! The Revolution has come to stay!" Earlier this year, TuNoVaTo hacked Paraguay's National Secretariat for Housing and Habitat and National Institute of Food and Nutrition.
Syrian Electronic Army Hacks Major Qatar Websites
October 21, 2013 – The Syrian Electronic Army (SEA) has hacked several major Qatar-based websites including Google, Facebook, Aljazeera, government and military sites. All of the sites use the .qa extension and the domains are managed by Qatar's Ministry of Information and Communication. It appears that SEA gained access to the Qatar Domain Registrar and modified the DNS entries to redirect the websites to servers controlled by the hackers. When attempting to visit one of the affected sites, the user is redirected to a defacement page that has a picture of Syrian President Bashar al-Assad and the SEA logo.
UK's Daily Mail Hacked By TeaM MADLEETS
October 21, 2013 – The Pakistani hacking group known as TeaM MADLEETS has hacked and defaced the official discussion forum of the UK's Daily Mail website. TeaM MADLEETS member 1337 was the individual that performed the attack. 1337 left a message on the defaced page saying, "Struck by 1337! Daily Mail Stamped by Pakistani Leets! Security is just an illusion . . . We are TeaM MADLEETS!" The Daily Mail uses vBulletin, and it appears that a vulnerability in the software is what allowed the breach to occur.
Over-X Breaches Algeria's Ministry Of Housing And Urban Development
October 21, 2013 – The Algerian hacker known as Over-X is claiming to have hacked and defaced Algeria's Ministry of Housing and Urban Development website. On the defacement page the hacker left a message of protest against the government, and accused several officials of taking bribes. Specifically, Over-X is unhappy with the current lack of housing and jobs. Last week, Over-X hacked fifteen Red Bull websites.
Armenia's National Security Service Hacked By Azerbaijani Hackers
October 21, 2013 – Members of the Azerbaijani hacking group Anti-Armenia Team are claiming responsibility for hacking and defacing several Armenian websites, including Armenia's National Security Service. The hackers have leaked over 1,100 documents stolen from the National Security Service. The documents are all written in Armenian, but it appears that some are identification documents. At the time of this writing most of the websites have been restored and are operating normally.
Red Bull Sites Hacked And Defaced
October 18, 2013 – The Algerian hacker known as Over-X has breached and defaced fifteen domains belonging to Red Bull. The defaced pages simply say, "Hacked by HCN." The hacker also left a link to his Facebook page on the sites. The affected sites include blogs.redbull.co.uk, web.redbullrookiescup.com, redbullworld.at, redbullbedroomjam.com.au, and racingcan.redbull.in. The main Red Bull website was not impacted by the attack. At the time of this writing some of the sites are still displaying the defacement.
Russian Financial Institutions Hit With DDoS Attacks
October 18, 2013 – Several major Russian financial institution websites have been hit with distributed denial-of-service attacks. The targeted institutions include Russia's central bank, VTB, Alfa Bank and Sberbank. Artyom Sychyov, the deputy head of the Central Bank's cyber security department released a statement noting that the attack on his bank was well organized, but not very powerful. Experts believe that the attacks are an attempt to weaken the trust in Russia's banking sector.
Torrent Sites Blocked In Italy
October 18, 2013 – The Pirate Bay and four other file sharing sites will be blocked in Italy due to a recent court order. The court ruled that the sites must be blocked by ISPs due to massive illegal downloading of music, films and other copyrighted digital content. This is the second time in five years that an Italian court has ordered ISPs to block The Pirate Bay. The first block was repealed in 2008, but it was re-instituted in 2010. In early 2013, The Pirate Bay came back online with a different domain name. The other sites blocked by the ruling are 1337x.org, h33t.eu, extratorrent.com and torrenthound.com. Italy's finance police issued a statement saying, "Sharing copyrighted content through the Internet still leads to heavy losses for the legal market and leads to a loss of tax revenue."
Anonymous Targeting Moroccan Government After Teens Arrested
October 18, 2013 – Members of the Anonymous collective have said they will be targeting the Moroccan government in response to the arrest of three teenagers. The teenagers were arrested for posting a picture of two of the teens kissing on Facebook; the third teen arrested took the picture. The Moroccan government arrested the teens for violating public decency laws. The hacktivists said, "This senseless attack on an innocent expression of young love in a country notorious for the domestic abuse of women is a sick and twisted mirror image of what the Moroccan government should be focusing on instead." The hacktivists claim to have already hacked and leaked information from the Department of Water. The leaked information includes login credentials, bank transfer details and personnel files. The Anonymous members say they will be monitoring the situation until the November 22nd trial.
PR Newswire Admits Being Hacked
October 17, 2013 – The press release distribution service, PR Newswire has admitted that they suffered a hacking attack earlier this year. The hackers stole usernames and encrypted passwords belonging to customers that used the service. The stolen information was found on the same server where the source code for several Adobe products was recently found. The stolen information appears to belong to users from India, Europe, Africa and the Middle East. PR Newswire issued a statement saying, "PR Newswire has protocols and redundancies in place that are designed to minimize the risk of distributing fraudulent press releases, including both technological and human safeguards prior to issuing any release." The company has started an investigation and it is in the process of notifying impacted customers.
California State University Breached
October 17, 2013 – Unidentified hackers have breached the systems of the California State University at Sacramento. Information related to 1,800 employees was compromised by the attack. The employee information includes social security numbers and driver's license numbers. At this time it appears that the information has yet to be used in any malicious way. The University has started to notify the employees affected by the breach.
Google Video Domain Defaced By H4x0r HuSsY
October 17, 2013 – The official Google Video Costa Rica domain has been hacked and defaced by the hacker known as H4x0r HuSsY. A message was left on the defaced page saying, "Struck by H4x0r HuSsY, We Are Here To F*** You Once More . . . We are TeaM MADLEETS!" This same hacker has hacked several Google domains in Malaysia and Burundi in the past. At the time of this writing the site has been restored and is operating normally.
Anonymous Peru Launches Attack On Peruvian Association Of Authors And Composers
October 17, 2013 – Members of the Anonymous Peru hacking collective have launched a distributed denial-of-service attack against the website of the Peruvian Association of Authors and Composers (APDAYC). The APDAYC is an organization that represents authors from Peru and other countries, and grants licenses for the use of musical works. The hackers said they attacked the site due to the "APDAYC president's huge salary, the unlawful distribution of royalties and abusive charges for music." The APDAYC has said that the accusations are not true and the hackers are just spreading misinformation. At the time of this writing the site seems to be working properly.
Source Of Malicious Internet Traffic Changing
October 16, 2013 – A recent report published by Akamai showed that there were significant changes in the sources of attacks worldwide on the Internet in the second quarter of 2013. The most surprising change is the increase in attack traffic from Indonesia, going from 21% in the first quarter to 38% in the second. The growth was so significant it put Indonesia ahead of China in the number one spot. The top 10 source countries for attacks grew to account for 89% of overall attack traffic, up from 82% in the first quarter. The top countries are Indonesia, China, the United States, Taiwan, Turkey, India, Russia, Brazil, Romania and South Korea.
Ship Tracking System Susceptible To Hacker Attacks
October 16, 2013 – The Automatic Identification System (AIS), which is used to track over 400,000 ships, has been found to be vulnerable to hacker attacks. AIS is installed on commercial ships that are over 300 metric tons, and all passenger ships. The system uses GPS to exchange a ship's position, course and other information with other nearby ships and offshore installations. The vulnerabilities found would allow hackers to take over the communications of the ships, disable the AIS, create fake ships and even create fake SOS or collision alerts. According to experts these vulnerabilities will not be easy or cheap to fix.
Anonymous Leaks Files From Poland's Ministry Of Economy
October 16, 2013 – Members of the Anonymous collective have leaked a large number of files they claim were stolen from Poland's Ministry of Economy. The hackers posted a message saying, "Basically, it's Ministry of Economy that got pwnd . . .In this particular release we deliver Belarus office of this notorious organization which is engaged in industrial espionage through its offices located at Embassies of Poland worldwide." The leaked files include emails, memos and copies of passports and other identification documents belonging to citizens of Moldova and Ukraine. The hackers say that this is just a small preview of the information they stole, and they'll be leaking information from each of the offices one at a time.
Anonymous Venezuela Breaches Military And Government Sites
October 16, 2013 – Members of the Anonymous Venezuela hacking collective have breached and defaced several websites belonging to the Venezuelan military and government. The targeted websites include the Bolivarian Military Technical Academy, the Directorate General of Military Counterintelligence, the Ministry of the Environment, the Municipal Police of Vargas and the Aragua Police. The hackers said that these attacks are a protest against the Venezuelan government. The same hackers also attacked the website of the University of Falcon. A web-based DDoS tool, built to attack the Currency Administration Commission website, was placed on the University's site.
Anonymous Planning Twitter Storm For Today
October 15, 2013 – Members of the Anonymous collective are organizing a Twitter storm protest for today at 5pm EST. The protest is a part of OpMaryville, which is a campaign to bring pressure to Maryville, Missouri authorities that have dropped charges against two boys accused of molesting a 14-year-old girl. The hacktivists posted a video saying, "Raise Awareness in social media, put pressure on Attorney General Chris Koster to launch an investigation into the lack of charges against Matthew Barnett (despite a confession and evidence of guilt)." A physical protest is also being planned for October 22 at the Nodaway County Courthouse in Maryville.
Israeli Job Portal Hacked, Over 3,000 User Accounts Leaked
October 15, 2013 – The Iranian hacker known as Dr.3v1l is claiming to have hacked an Israeli job search portal and leaked login account information of 3,349 Israeli citizens. Dr.3v1l is a known member of the Black_Devils BOys hacking group. The hacker left a message along with the leaked information saying, "Hacked 3349 accounts Leaked by Dr.3v1l REASON: #AntiMason." The leaked information includes email addresses and clear text passwords.
Pakistani Hackers Deface Major Indian Telecom Website
October 15, 2013 – Members of the Pakistani hacking group known as P4K-M4D-HUNT3R-Z have breached and defaced two websites belonging to Hathway, a major Indian telecommunications company. The same defacement message was left on both sites, "Boxed By Exploiter-Z, Anon Cop, Ch3rn0by1. P4K-M4D-HUNT3R-Z Arrived. Indian ISP Owned." The same group of hackers also defaced BSNL, another Indian telecommunications company, yesterday.
RedHack Defaces Union Of Turkish Public Enterprises Site
October 15, 2013 – Members of the RedHack hacking group have hacked and defaced the website of the Union of Turkish Public Enterprises. RedHack is known for their many attacks against the Turkish government. The defaced page lists the names of people that have died during recent protests in Turkey. In addition, there is a warning message saying that RedHack will continue targeting government sites as a protest against violence. At the time of this writing, the website has been restored and is operating normally.
GitHub Suffers Large DDoS Attack
October 14, 2013 – Earlier today, GitHub was unavailable due to a large distributed denial-of-service attack. A statement was released by GitHub saying, "We have confirmed GitHub.com . . . (is) undergoing a large DDoS attack and are working to mitigate the attack." This is the fourth attack on GitHub in October alone. The site was under attack for the first 3 days of the month. At the time of this writing, GitHub has mitigated the attack and the site is back up, but hasn't confirmed that all attacks have stopped. The site was down for less than 20 minutes.
KDMS Team Changes DNS Of BitDefender and ESET
October 14, 2013 – The Palestinian hacking group known as KDMS Team has continued to hijack websites by changing DNS records. This time the hackers defaced the websites of BitDefender and anti-virus firm ESET. Both sites are registered with Register.com, which is also the registrar for all of the other KDMS Team attacks. The message left on the sites is the same message that has been left on the other sites hijacked by the hackers last week. BitDefender issued a statement saying, "We've contacted Register.com and they fixed the issue. All BitDefender customers are and were 100% protected."
Anonymous Leaks 3,700 Documents From Greek Government
October 14, 2013 – Members of the Anonymous collective have leaked over 3,700 documents as part of OpGoldenDawn. The leaked documents were stolen from the A3 Directorate for Southeastern European Countries from Greece's Ministry of Foreign Affairs and the Organization for Security and Co-operation in Europe (OSCE). The hacktivists made the following statement, "Today we deliver the first sucker punch in a series of jaw breaking leaks, to reveal the truth about the Greece government involvement in conspiracy to spy on us with the help of its ENISA and OSCE cybercrime units." Supporters of the operation are encouraged to make copies of the classified documents and post them all over the Internet so that they can't be removed by "government cleaners." The Anonymous members say that more leaks will be coming in the future.
AnonGhost Hacks 65 Israeli Websites
October 14, 2013 – Members of the AnonGhost hacking group are claiming to have breached and defaced 65 Israeli websites as part of Operation Troll Israel. The hackers left a message on the sites saying that on November 20, 2013 they will be attacking Israeli cyberspace. The message also said, "We are AnonGhost and we are everywhere! There is no Israel in this map, no one recognize you because it is Palestine. We are coming soon." The affected sites were private businesses including car dealerships, electronic stores, virtual education institutions, real estate operators, web development companies and private medical centers.
Metasploit And Rapid7 Defaced By KDMS Team
October 11, 2013 – The Palestinian hacking group known as KDMS Team has defaced the websites of Metasploit and Rapid7. The hackers left a message on the Metasploit site saying, "After whatsapp, avira, alexa, avg and other sites we was thinking about quitting hacking and disappear again! But we said: there is some sites must be hacked. You are one of our targets. Therefore we are here." The purpose behind the attacks is to get out pro-Palestine messages. The defacement message continued, "There is a land called Palestine on the earth. This land has been stolen by Zionists." Rapid7 has released a statement saying that the websites were hijacked through the registrar. A Rapid7 representative said, "The attackers have the ability to change ANY Register.com domain." Register.com is owned by the same company that owns Network Solutions, which is the registrar that was compromised earlier this week by KDMS Team.
Hackers Steal Personal Information Of 145,000 Monterey County Residents
October 11, 2013 – Officials from Monterey County, California have announced that hackers breached a computer that contained personal details of 145,000 residents. The attack actually occurred in March 2013, but the details of the attack have just come out. The residents that could be affected are people who received social services assistance between 2002 and 2009. The information that may have been stolen includes names, social security numbers, dates of birth and addresses. State social services officials notified the county about the breach immediately after it happened. The investigation conducted by the county wasn't able to determine if the hackers actually stole the information. Elliott Robinson, director of the county Department of Social Services said, "We deeply regret that this incident occurred and are disappointed that hackers would break into a computer system needed to serve those most in need."
China Targets Mongolia With Espionage Campaign
October 11, 2013 – Researchers have discovered a new cyber espionage campaign targeting Mongolia. It appears that China is behind the campaign and is attempting to learn about Mongolia's relations with the European Union, the United States, South Korea and Japan. Targets are not only Mongolian organizations, but also ones that have economic, diplomatic or military relations with the country. A malicious document is being sent that appears to contain an official unclassified announcement about the Khaan Quest 2014 joint US and Mongolia military exercise. When the document is opened it exploits an old Microsoft Word vulnerability and malware is loaded onto the victim's computer. The infected computer then communicates with a command and control server located in Hong Kong. The malware being used is the same that was used by the Chinese hacker group known as APT1 or Comment Crew.
Pakistani Hackers Deface Google Malaysia
October 11, 2013 – The Pakistani hacking group known as TeaM MADLEETS has defaced the home page of Google Malaysia. The message left on the page reads, "Google Malaysia STAMPED by PAKISTANI LEETS." The hackers used a DNS hijacking attack to accomplish the defacement. A member of the hacking group posted a separate message saying, "We don't hack any country . . . as a result of any kind of hate, We don't hate anyone . . . Whatever the reason is we can't explain except we love all of you." At the time of this writing, the site has been restored and is operating normally.
City Of Mansfield, OH Site Hacked By Dr. SHA6H
October 10, 2013 – The Syrian hacker known as Dr. SHA6H is claiming to have hacked and defaced the website of the City of Mansfield, OH. The hack was done in "support of a free Syria." A message was left on the defaced site saying, "Three years in a row and there is no solution to the blood in Syria? . . . What action from government and human rights organizations!" Dr. SHA6H has hacked several other high profile websites in an effort to bring attention to the situation in Syria. At the time of this writing the website has been restored and is operating normally.
Registrars Ordered To Shut Down Torrent Sites By UK Police
October 10, 2013 – The Intellectual Property Crime Unit (IPCU) of the City of London Police have ordered registrars to suspend domain names of many torrent service sites including MisterTorrent, ExtraTorrent and SumoTorrent. easyDNS is one registrar that has not followed the order, saying it sees the request as an abuse of power. The IPCU did not contact the Torrent site owners; instead, they sent a letter to their domain registrars, informing them that their clients' activities are breaching copyright law.
UK Hands Down 5 Year+ Sentence for Phishing
October 10, 2013 – Olukunle Babatunde, 27, has pleaded guilty to conspiracy to defraud UK financial institutions and their customers out of an estimated $1.2M. Babatunde was sentenced to 5 years and 6 months in prison. He is one of two criminals that were arrested for using phishing emails to trick unsuspecting banking customers into disclosing their confidential information. With over 700 victim accounts impacted, the UK courts handed down a sentence meant to deter others from using phishing tactics.
Turkish Government Website Distributing Malware
October 10, 2013 – A website belonging to Turkey's Ministry of National Education has been hacked and set up to serve malware disguised as a DivX plugin. A page has been created that looks like Facebook, where visitors are asked to download a DivX plugin in order to view a video. Once downloaded, the user's computer automatically joins a botnet operated by cybercriminals. At the time of this writing, the malicious page is still on the website.
NSA Wants More Internet Surveillance On Wall Street
October 9, 2013 – General Keith Alexander, Director of the National Security Agency, said, "You have to have the rules set up so you can defend Wall Street." Alexander put forward a scenario where the NSA needs to be in a position to detect "a cyber packet that's about to destroy Wall Street." Experts say that the idea that a single packet could wipe out Wall Street is not realistic. Alexander went on to say that the NSA should not have to wait until an attack happens to take action. The NSA wants to use the same mass-information harvesting systems they currently use on undersea cables, phone calls and Internet activity on the financial information moving in and out of banks, credit unions, investment advisors and stock exchanges. Two years ago, Alexander met with financial industry executives and talked about installing monitoring equipment directly onto the banking networks. It was reported that the executives rejected the proposal.
Cyberattack Resolution Cost And Frequency Rising
October 9, 2013 – According to a study done by the Ponemon Institute, this is the fourth consecutive year in which the cost, frequency and time to resolve cyberattacks continue to rise. The study shows that the average annualized cost of cybercrime incurred per organization was $11.56 million. This is a 78% increase over four years ago, and a 26% increase over last year. Organizations are spending 130% more time working to resolve cyberattacks compared to four years ago, with the average time to resolve an attack being 32 days. Distributed denial-of-service attacks, insider attacks and web-based attacks are the most costly, accounting for over 55% of cybercrime costs. Financial services, energy, defense and utilities sectors have higher cybercrime related costs than retail, consumer products and hospitality.
State of California Website Breached And Defaced
October 9, 2013 – The Filipino hacker known as Shadow Haxor is claiming to have breached and defaced the website of the California Employment Training Panel (ETP). The hacker gained access to the ETP systems by leveraging a ColdFusion vulnerability. The site's homepage was defaced, and the hacker added an additional defacement page that simply reads, "Shadow_Haxor." At the time of this writing, the site is not available.
Anonymous Sends Message To Greece's Golden Dawn
October 9, 2013 – Members of the Anonymous collective have posted a video speaking to the people of Greece and directly to Greece's extremist right-wing party, Golden Dawn. The hacktivists say in the video, "The first part of this message is for . . . Golden Dawn, the one responsible for the death of Pavlov Fyssas . . . We are opposed to such extreme ideologies, and certainly we do not dream to live in such a world. . . Golden Dawn, your website has passed to our possession. All your base belong to Us!" The second part of the message is addressed to the people of Greece and Cyprus and calls on them to "wake up" to what is going on in their country. The video ends with them saying, "Too late to expect us any more, we are already here."
KDMS Team Hacks Avira, AVG, Alexa And WhatsApp
October 8, 2013 – The hacking group known as KDMS Team has followed up their attack on the LeaseWeb website with the defacement of popular sites Avira, AVG, Alexa and WhatsApp. All of these sites are registered with Network Solutions. It seems that the hackers compromised the domain provider and changed the DNS data instead of attacking each individual website. At the time of this writing the Avira site still shows the defacement, while the other sites have been taken offline.
Hacker, Paunch, Arrested by Russian Officials
October 8, 2013 – The author of the Blackhole exploit and other well-known exploit kits has been arrested in Russia. The hacker known as 'Paunch' has been detained and no additional details have been released by Russian officials. Paunch, the leader of the Russian Crimeware Gang, has evaded law enforcement for years by using sophisticated measures online to maintain the privacy of his identity. The capture of Paunch is an indication that law enforcement agencies are improving their methods of tracking and capturing elite hackers.
Fallout from Adobe Breach Continues
October 8, 2013 – New concerns are emerging as details of source code for various Adobe software products have been confirmed to have been stolen. Acrobat, ColdFusion, ColdFusion Builder and other Adobe software products have all been impacted by last week's reported compromise. Because the attackers had access to this source code for up to two months prior to the discovery of the breach, security analysts worry that code modification and release may introduce new zero-day threats. Additionally, the black market resale of the source code may fetch as much as $50,000 per buyer, a significant financial driver for the cyber criminals behind the Adobe breach.
Estimated 8 Out of 10 Global Users Infected by Trojans
October 8, 2013 – A recent report shows that Trojans make up three-quarters of all new malware and infections globally. Trojans are so effective for hackers due to their ability to be continuously modified, allowing them to escape detection by anti-virus software and gateways. The top three countries with infected systems are China (52.4%), Turkey (43.6%) and Peru (42.1%). The lowest infection rates exist in continental Europe with the UK having the lowest overall infection rate at 24.5%.
Leading Hosting Provider, LeaseWeb, Hacked
October 7, 2013 – One of the world's largest hosting providers, LeaseWeb, was hacked by the Palestinian hacking group KDMS Team. The home page of the LeaseWeb website was replaced with an Anonymous Palestine page with the title, "You Got Pwned." The page was up for a few hours before it was restored. KDMS Team posted another message saying, "We owned all of your hosted sites." LeaseWeb issued a statement saying, "No customer data compromised. We continue to investigate."
Wichita City Vendor Site Hacked And Defaced
October 7, 2013 – The vendors' subdomain of the Wichita City, Kansas website has been hacked and defaced by a hacker known as Agent Corporatio. The subdomain that was breached is for businesses to sign up as vendors to the city. Vendor information was leaked including names, user names, vendor IDs, vendor names, mixed clear text and encrypted passwords, email addresses, phone numbers and some bank information. Agent Corporatio is a known member of the Turkish Ajan hacking group.
Tom Sawyer Software Breached, Information Leaked
October 7, 2013 – The hacker known as Nairb is claiming to have breached the systems of Tom Sawyer Software. Tom Sawyer Software provides software and services for the development of scalable and flexible data visualization applications. Nairb says that he did not deface the company's website, but he did leak vendor information. The hacker said, "The dump consists of the partially decrypted auth file and company/userlist file in main folder with mostly complete dump of main db and partial of staging db. 2 pieces to da puzzle." The leak contains over 60,000 records that contain user names, email addresses, password hashes, contact information and other account details. There has been no statement given by Tom Sawyer Software at this time.
Anonymous Hacks Latvia's State Employment Agency
October 7, 2013 – The hacker known as W1n5t0n, a member of the Anonymous collective, claimed to have hacked Latvia's State Employment Agency. W1n5t0n says he has leaked the information of over 3,000 users. The leaked information includes user names, email addresses and passwords. Most of the passwords are in clear text, putting the users in danger of having their accounts hijacked. The hacker did not give a reason for targeting the State Employment Agency.
13 Anonymous Members Indicted For Operation Payback
October 4, 2013 – Thirteen members of the Anonymous collective have been indicted by a US grand jury for allegedly participating in Operation Payback. Operation Payback was an action by Anonymous where a number of websites were hit with distributed denial-of-service attacks in response to the shutdown of The Pirate Bay, the Swedish file-sharing website used to illegally download copyrighted material. The attacks were against the websites of the Recording Industry Association of America, Visa, Mastercard, Bank of America and several others. Those charged were Dennis Owen Collins, Jeremy Leroy Heller, Chen Zhiwei, Joshua Phy, Ryan Russel Gubele, Robert Audubon Whitfield, Anthony Tadros, Geoffrey Kenneth Commander, Austen Stamm, Timothy Robert McLain, Wade Carl Williams and Thomas Bell. The men range in age from 21 to 65 and live in 13 different states. The suspects are charged with conspiracy to intentionally cause damage to protected computers. According to court records the suspects conspired to coordinate DDoS attacks in Internet Relay Chat channels. The attacks caused an estimated $5,000 in damages and affected at least 10 protected computers.
Adobe Systems Breached, 2.9 Million Customer Logins Stolen
October 4, 2013 – Adobe Systems, Inc. has issued a notification to their users that the company has suffered a "massive and sophisticated cyber attack." Adobe believes that the attackers took information relating to 2.9 million customers, including customer names, email addresses, encrypted passwords, encrypted credit or debit card numbers, expiration dates and other information relating to customer orders. In addition to the customer data being accessed, it appears that source code for numerous Adobe products was also accessed. Law enforcement is currently investigating. Chief Security Officer of Adobe, Brad Arkin said, "We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you."
Anonymous Plans Monsanto Protest
October 4, 2013 – Members of the Anonymous Americalatina collective are planning an online protest against Monsanto for October 12, 2013. The operation will include distributed denial-of-service attacks and website defacements. The hacktivists are demanding that Monsanto stop contaminating the global food chain, intimidating small farmers, using destructive herbicides and pesticides and bribing officials. In a video announcing the operation, Anonymous says, "Anonymous urges all concerned citizens to stand up for these farmers, fight for the future of your own food, protest, organize, spread info to your friends! Say no to toxic chemicals in your food! Say no to GMO! Say no to Monsanto!"
Afghan Cyber Army Defaces Syrian Investment Agency
October 4, 2013 – Members of the Afghan Cyber Army have hacked and defaced the website of the Syrian Investment Agency. According to the hackers, the attack is a show of support for their "brothers in Syria who fight for freedom." The defacement page includes a picture of Bashar al-Assad with a message saying, "Hold your sword and fight those who have transgressed. With your machine gun enter the battlefield." At the time of this writing the site is still defaced.
Online Black Market, Silk Road, Seized By FBI
October 3, 2013 – Silk Road, the deep web bitcoin-based black market, has been shut down by the Federal Bureau of Investigation. In addition, the owner of the site, Ross William Ulbricht, 29, was arrested on charges of narcotics trafficking, computer hacking and money laundering. Silk Road could only be accessed using a secure Tor browser, allowing users to purchase illicit goods anonymously using Bitcoins. The FBI released a statement saying, "The government's investigation has revealed that, during its two and a half years in operation, Silk Road has been used by several thousand drug dealers and other unlawful vendors to distribute hundreds of kilograms of illegal drugs and other illicit goods and services to well over 100,000 buyers and to launder hundreds of millions of dollars deriving from these unlawful transactions."
Syrian Electronic Army Attacks GlobalPost Again
October 3, 2013 – For the second time in less than a week, the Syrian Electronic Army (SEA) has hacked the website of the GlobalPost news service. SEA is claiming to have deleted the website, issuing a statement saying, "We hope that you guys enjoy your time looking at your deleted website." GlobalPost released a statement saying, "GlobalPost has apparently been hacked by the Syrian Electronic Army. We are working hard to restore our site as soon as possible." At the time of this writing, the site has been restored. It is unclear if GlobalPost fixed the vulnerabilities that allowed SEA to breach the site.
Bitcoin Forum Breached
October 3, 2013 – Bitcointalk.org, a popular Bitcoin discussion forum, has been breached by the hacking group known as The Hole Seekers. The hackers defaced the website with an animated page that played music and displayed rockets and explosions. The site has been taken down as a security precaution and will remain down until investigations into the hack are completed. The administrator of the site, Theymos, said, "There's a good chance that the attackers could have executed arbitrary PHP code and therefore could have accessed the database, but I'm not sure yet how difficult this would be." Users of the forum have been advised to change their passwords.
Iranian Cyber Warfare Chief Killed
October 3, 2013 – It is being reported that Mojtaba Ahmadi, the commander of Iran's Cyber War Headquarters has been killed. His body was found with two bullet wounds to the heart. Iran's "The Telegraph" reported that witnesses saw two people on a motorcycle assassinate Ahmadi with a pistol from close range. The Iranian Revolutionary Guard Corps has issued a statement denying the media reports that Ahmadi was assassinated. They said that "one of its workers," whose name they haven't revealed, has been involved in an "incident." But they reiterated that there has been no assassination. They are now investigating the incident and the intentions of the attackers.
100 Gbps DDoS Attack Reported
October 2, 2013 – It is being reported that an unnamed company has suffered a distributed denial-of-service attack that reached 100 Gbps. No amplification techniques were used during the attack, meaning that the attackers have 100 Gb bandwidth available to them. The attack lasted for 9 hours before it was successfully mitigated. The attack on Spamhaus in March 2013, which is considered the largest ever reported, reached 120 Gbps, but it used a DNS amplification technique to reach that level.
AnonGhost Breaches Baseball Canada Website
October 2, 2013 – Members of the AnonGhost hacking group are claiming to have hacked and defaced the website of Baseball Canada. The main domain and fifteen subdomains have been defaced. The defacement page contains a message reading, "Your website has been hacked by AnonGhost. We hacked your website because its security failed." This hack is unusual for the AnonGhost group; normally their hacks are related to anti-Israel messages. At the time of this writing the website has still not been restored.
LulzSec Peru Defaces Ministry Of Women And Vulnerable Populations
October 2, 2013 – Members of the LulzSec Peru hacking collective have hacked and defaced the website of Peru's Ministry of Women and Vulnerable Populations. The site's index page has been replaced with the LulzSec logo and a message reading, "Hacked by LulzSecPeru." No statement has been issued by the Ministry at this time. At the time of this writing the site has been restored and is operating normally. LulzSec Peru has a history of defacing several sites belonging to the Peruvian government and other South American governments.
50 Security Vulnerabilities Fixed In Chrome
October 2, 2013 – Google has fixed a total of 50 security vulnerabilities in the latest version of Chrome. The vulnerabilities include ten high-impact and six medium-impact flaws. Eleven security researchers have been credited with finding the vulnerabilities and were awarded a total of $19,000 for their work. Some of the researchers also worked with Google during the development of Chrome 30.
Syrian Electronic Army Hacks US News Agency
October 1, 2013 – The Syrian Electronic Army (SEA) hacking group has hacked the website and Twitter account of the US-based news agency, GlobalPost. SEA posted a tweet using the hacked account saying, "Think twice before you publish untrusted information about Syrian Electronic Army." GlobalPost Editor Kyle Kim sent out a tweet saying, "We've been hacked." The GlobalPost website was taken down soon after it was breached. The hackers said they attacked GlobalPost because it published "innocent peoples' names in their article and said that they are SEA members."
AnonGhost Returns With Hack Of Israeli Defense Contractor
October 1, 2013 – After just recently announcing that they were disbanding, the AnonGhost hacking group has reappeared, taking credit for hacking the website of Israeli Defense Contractor Israel Product Research Co. LTD. (ISPRA). ISPRA develops, manufactures and markets non-lethal devices for riot control, crowd management, anti-terror equipment and police gear. The hackers left a message on the site saying, "We are AnonGhost and we are everywhere! There is no Israel in this map, no one recognize you because it is Palestine." At the time of this writing the site has been restored and is operating normally.
European Cyber Security Month Starts Today
October 1, 2013 – Today marks the beginning of the first official European Cyber Security Month. Throughout the month, 40 private and public stakeholders from 25 European nations will take part in cyber security activities designed to raise awareness. Activities will include workshops, lectures, fairs, online and outdoor campaigns, meetings and contests. Executive Director of ENISA, Udo Helmbrecht said, "Cyber security is about the possibility to live your digital life. We encourage you to get involved in the campaign: online security requires your active participation!"
Anonymous Defaced Site Of Indian Higher Education
October 1, 2013 – Members of the Anonymous Kashmir collective have hacked and defaced the website of the Board of Higher Secondary Education Delhi. The site's index page and a subdomain have been defaced with the message, "Congratulations India! Your brutality continues in Kashmir. . . You killed Kashmiri youth in hundreds just to prove that there are still militants in Kashmir." At the time of this writing the site is still showing the defacement.