Wednesday, April 6, 2011

Massive hack hits US banks and retailers

The names and emails of customers of Citigroup and other large US companies were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon.
In what could be one of the biggest such breaches in US history, a diverse range of companies that did business with Epsilon stepped forward over the weekend to warn customers some of their electronic information could have been exposed.
Walgreen, TiVo, credit card lender Capital One and teleshopping company HSN all added their names to a list of targets. JPMorgan Chase, the second-largest US bank, and Kroger, the biggest US supermarket operator, said that some customers were exposed as part of the Epsilon data breach.
Epsilon, an online marketing unit of Alliance Data Systems, said that a person outside the company hacked into some of its clients' customer files. The vendor sends more than 40 billion email ads and offers annually, usually to people who register for a company's website or who give their email addresses while shopping.
Some of Epsilon's other clients include Verizon, Hilton Hotels, Kraft Foods, and AstraZeneca.

"We learned from our email provider, Epsilon, that limited information about you was accessed by an unauthorised individual or individuals," HSN, also an ecommerce operator, said in an email to customers.
"This information included your name and email address and did not include any financial or other sensitive information. We felt it was important to notify you of this incident as soon as possible."
Law enforcement authorities are investigating the breach, though it was unclear how many customers had been exposed. Epsilon is also looking into what went wrong.
"While we are cooperating with authorities and doing a thorough investigation, we cannot say anything else," said Epsilon spokeswoman Jessica Simon. "We can't confirm any impacted or non-impacted clients, or provide a list (of companies) at this point in time."
Cloud problems
Paul Ducklin, head of technology for Sophos, noted that email address leaks were not seen as a "cardinal sin" among companies, but would lead to an increase in spam to affected accounts.
"Also, losing your email address via a service to which you already belong makes it much easier for scammers to hit you with emails which match your existing interests, at least loosely," he noted in a blog post. "That, in turn, can make their fraudulent correspondence seem more believable."
As Epsilon is essentially a cloud-based email contractor, he said firms should take note that moving to the cloud could have security implications, saying "sometimes, keeping your own skills and abilities factored in to your organisation's security equation can pay off". was faced with a similar problem, after its email marketing firm leaked customer data last month.

State Blamed in LiveJournal Attack

LiveJournal Russia, the country's main platform for uncensored political discussion, recovered Tuesday from its biggest-ever hacker attack — which bloggers said could not have been staged without state resources.
The Cyrillic segment of the blogging service, which numbers 4 million Russian-language users, was first hit by a cyber attack last Wednesday.
Hackers used computers infected by malware, mostly in Asian and Eastern European countries, to flood the servers with requests, paralyzing them for seven hours. A second wave followed Monday, again rendering inaccessible in Russia.
Initial speculation suggested that the attacks had targeted individual bloggers, possibly Kremlin critics. Such incidents have taken place before. But LiveJournal management reported that the whole site had been targeted.
"The attack targeted dozens of top bloggers and communities" indiscriminately, said Ilya Dronov, development director with the site's owner, SUP.
"The reason for attack is more than clear in this case — someone wants LiveJournal to disappear as a platform," he said Tuesday in a post on his own LiveJournal blog, Igrick.
The hackers sought to leave the Russian blogosphere without a single stable platform to operate on, dispersing them to other social networks where "it's easier to fight individual users," Dronov wrote.
He stopped short of naming any names, predicting only that more attacks would follow. SUP will have to ship more powerful equipment to Russia to resist further attacks, Dronov said.
The company "doesn't exclude a lawsuit option," Svetlana Ivannikov, head of LiveJournal Russia, said late Monday in a statement. But she also identified no suspects.
Bloggers, however, minced no words, naming the Kremlin as the only power capable of staging such a large attack.
Anton Nosik, a prominent LiveJournal blogger and former director of SUP, wrote on that massive attacks require considerable administrative and "financial support."
He admitted that it was hard to estimate the attack's cost, but said the pro-Kremlin Nashi movement might be behind it because it was in the past accused — though not convicted — of hacking the blogs of opposition activists and of a cyber attack on the Estonian government's site.
Alexei Navalny, a popular blogger and anti-corruption activist, said the attacks were a start for the Kremlin's "counter-propaganda plan" ahead of the upcoming State Duma vote and presidential race.
The Kremlin has not commented on the accusations, while Nashi spokeswoman Kristina Potupchik said by telephone Tuesday that they were "some person's groundless assumptions."

Tuesday, April 5, 2011

Anonymous Declares War on Sony

In its effort to pursue George “GeoHot” Hotz and other PlayStation hackers to the ends of the earth (literally), Sony has poked the sleeping giant of Anonymous, the 4chan-based hivemind that, under the guise of “freedom of information,” has now officially declared war on Sony and launched attacks ranging from bringing down its websites (and possibly the PSN) to publishing personal information about its executives.
The “press release” by Anonymous says things like “You have abused the judicial system in an attempt to censor information about how your product works” and more tellingly, “You saw a hornet’s nest, and you stuck your penises in it.”
But even though it may seem childish on the surface, Anonymous is not a group to be trifled with. They’ve taken on corporations before, most recently places like Bank of America, Paypal and a whole host of companies that decided to act against kindred spirit Wikileaks in various ways.
Yesterday, they took down Sony and, and the PlayStation Network was non-functional most of the day. There’s no official confirmation that, despite claims of “routine maintenance,” this was actually because of Anonymous, but it seems like an awfully big coincidence if not. By taking down the service, Anonymous would presumably be trying to draw customers’ ire toward the company, as most wouldn’t know who was responsible for the outage.
But today there’s a new battlefront, as Anonymous has turned to finding and publishing personal information about Sony executives. When the info is located, advice on the forums suggests crank calling them on Skype, placing Craigslist erotic personals in their name and sending their friends and loved ones “STD postcards” announcing a newly acquired disease. No one ever said they were mature; being straight-up malicious often overshadows the group’s primary directive. Nothing is sacred, and dueling with Anonymous is like trying to have a fistfight where your opponent kicks you in the groin, throws sand in your face and stabs you with a razor blade.
As of now, and are online, and the PSN is back up almost everywhere. I agree that Sony isn’t handling this hacking disaster particularly well, but it’s hard to condone Anonymous’s tactics either.

Anonymous Launches New DDoS Attack Against RIAA

The Anonymous hacktivist collective has launched new distributed denial-of-service (DDoS) attacks against the Recording Industry Association of America (RIAA), after the trade group sued LimeWire for 75 trillion dollars.

LimeWire, one of the oldest peer-to-peer file sharing applications, was discontinued last October after RIAA won a permanent injunction forcing its creator, Lime Wire LLC, to disable the program's searching, downloading, uploading, file trading and/or all of its functionality.
The LimeWire shutdown is credited by market research group NPD with a drop of nearly 50% in the number of U.S. users who engage in Internet piracy.

Earlier this month, on behalf of music labels, RIAA filed a statutory damage claim of $150,000 for each of the 11,000 songs illegally shared by LimeWire users.
RIAA's request for what is a total of $75 trillion was rejected by Judge Kimba Wood of the U.S. District Court for the Southern District of New York as "absurd."

In his ruling, Judge Wood said the claim "offends the canon that we should avoid endorsing statutory interpretations that would lead to absurd results."

Despite RIAA's request being denied, the Anonymous collective, which fights for freedom of information and the abolishment of what it sees as draconian copyright laws, mounted a DDoS attack against the trade association's website.

"The RIAA are at it again, and thus, the time for action has come. What shenanigans have they cooked up this time? More ambitious than suing children for millions of dollars, they have escalated their tactics.

"They are suing Limewire for 75 Trillion dollars, twelve times more money than the U.S. National debt. That is the actual amount that they can sue Limewire for based on our current bull**** [censored] legal system," the group writes in a call for DDoS posted online.

ANCYL Website Hacked

The website of South Africa’s ANC Youth League (ANCYL) was hacked last Wednesday afternoon, in what some believe is the start of a much larger cyber-war in the country.
Computer news website reports the hackers gained administrative access to the site. A fake press release by ANCYL leader Julius Malema announcing his resignation from the political organization because he “had made a fool of [him]self,” among other “essential” reasons, was posted on the front page.
“The hacker then went on to expose the site’s directory structure, systematically deleting core config files (see screenshot below) before — we suspect — a backup was implemented,” membrum reports.
The attack happened hours before Malema was set to give a radio interview on Metro Drive FM. The website of the popular news-talk station was also defaced at the same time.

Screenshot of the hacked ANCYL website.
Although the website was repaired a few hours later, it was still experiencing errors over the next several days.
An examination of the source code of the attack shows someone named “Warbird” was responsible, although it is not known who exactly did it.
Hacktivist group Anonymous posted a video calling on the people of South Africa to overthrow their government on March 18.
Online marketing specialist Rafiq Philips told TimesLIVE, “There are some basic security measures you have to take care of when you build a website, obviously the youth league website was lacking.”
ANCYL spokeswoman Magdelene Moonsamy gave an Orwellian spin on the hacking to IOL News when she said,
“There is nothing that we are aware of at this point and there is nothing on our website.
“We do not have time for things like this.”
ANCYL spokesman Floyd Shivambo slammed down the phone on TimesLIVE when they contacted him for comment about the hacking.