Mid-sized businesses are finding themselves in a precarious position as of late. Forced to cut back spending because of the ongoing recession, many firms are spending less on security, but at the same time, cyber attacks are on the rise, according to a McAfee report released today.
Making a high-profile hacker arrest is a respectable accomplishment, but bragging about it to his friends on the community forums is clearly a bad idea. I’m sure you didn’t need to be told this, but apparently it’s a lesson the Australian Police Department had to learn the hard way. In a recently televised takedown broadcast on ABC’s Four Corners, Australian investigators raided and seized computer equipment belonging to the administrator of an underground hacking forum located at r00t.y0u.org. Following the arrest, interrogators were able to obtain passwords, and began using the site as a honeypot to try to expose other potential suspects.
Unfortunately for police, word of the arrest leaked out quickly, and it didn’t take long for the community to discover something was up. Matters were further complicated when the police agency began taunting the forum’s visitors by saying “all member IP addresses have been logged, and arrests are being made”. Enraged by the comments, members of the hacker community broke into the system police were using during the investigation and supposedly gained access to intelligence contained within the federal police mainframe.
The hacker posted his own retort to the Australian police on pastebin.com, mocking them for busting a couple of “script kiddies”, and posted pictures of fake IDs and stolen credit card numbers lifted from police servers. The hacker continued by claiming “I couldn’t stop laughing on seeing that the federal police server was running Windows”. Apparently the MySQL password was also left blank (oops!). Apparently this 30-minute-long hack could have been faster if he “didn’t stop to laugh so much”.
Police claim the files were intentionally planted on the compromised system. Anyone buy that?
Two high-profile security professionals -- security researcher Dan Kaminsky and former hacker Kevin Mitnick -- were targeted by hackers this week in what appears to be an attempt to call into question the duo's credibility right on the eve of the Black Hat and DefCon security conferences.
"There are people who just live press release by press release," the hackers wrote in a note posted on Kaminsky's website. "And on top of it all, somehow you STILL have not got rid of Kevin Mitnick. The industry cares about virtualization one year and iPhones the next, every year forgetting the lessons it should have picked up in the last."
The hackers also stole personal data and posted it online, which included private emails between Kaminsky and other security researchers, very personal chat logs, and a list of files Kaminsky downloaded that pertain to dating and other topics, Wired reports.
After discovering a flaw in the DNS protocol, Kaminsky received the Pwnie award for the "Most overhyped security vulnerability" at Black Hat 2008. Mitnick was once considered "the most wanted computer criminal in United States history" by the government but has been accused by some in the hacking community of living off a dated reputation.
Social networking is all fun and games until someone hijacks your social security number, sells it to the seedy underground world of cyber-crime, and ultimately destroys your credit. But does that really happen?
Celebrities have been dropping like flies in recent weeks, with Michael Jackson, Farrah Fawcett, Ed McMahon, and Billy Mays all having parted ways with the living. If you follow feeds on Twitter, you may have thought a lot more passed on, making you wonder if there really is something unsanitary flowing in Hollywood's water. That's because hackers have been gaining access to celebrity accounts and sending out bogus death notices for the likes of Britney Spears, Ellen DeGeneres, Jeff Goldblum, and P. Diddy.
"Britney has passed today," the fake tweet announced on Sunday. "It is a sad day for everyone. More news to come."
After learning of the message, Spears' staff tweeted that the pop singer's account had been compromised and that "She is fine and dandy spending a quiet day at home relaxing."
To gain access to celebrity accounts, hackers took advantage of a vulnerability allowing them to try every PIN combination possible until one worked. Twitter claims a "fix has been put in place to prevent this from happening."
Google has confirmed that the error messages people received on Thursday when searching for details of Michael Jackson’s death were initially perceived as an attack. Searches between 2:45 and 3:15pm returned the message "We're sorry, but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now."
After Obama’s website, black hats have now managed to sow the seeds of deceit in Google video search results. Security firm Trend Micro has discovered that about 400,000 queries trigger Google Video search results that “have a single redirection point, and one that eventually leads to malware download and execution.” The black hats have been able to manipulate search results to their advantage using simple SEO techniques. For this purpose, they have reserved several domains and populated them with keywords.
According to Trend Micro, the malware executable, dubbed WORM_AQPLAY.A, proliferates using removable and network drives. The malware executable is disguised as an Adobe Flash installer. The malware only prompts the user to download the malicious Flash installer when he reaches one of the malefic video websites being run by the black hats.
Earlier this year, researchers for Finjan, a web security firm, said that stolen bank data had become "commoditized," with items like PIN codes and credit card information fetching only a fraction of what they used to pull in. Now Finjan warns of an impending "sharp rise [in cybercrime] in 2009 due to the current economic downturn, which makes financial gain from stealing data and selling online even more attractive."
While fears of a recession are on the minds of those looking to make an honest living, unscrupulous hackers are thriving in an underground economy worth billions of dollars. The revelation comes as part of a new report released today by Symantec titled "Report on the Underground Economy."
The eye-opening report reflects activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. During that time, Symantec claims to have witnessed 44,752 unique samples of sensitive information publicly posted on various servers. These samples, which represent 10 percent of the total distinct messages, serve as proof that the seller in question has the information they claim to have, as well as to show potential buyers the quality of goods they can expect to receive.
According to Symantec, credit card information reigns supreme and accounts for nearly a third of the total. Credit cards were seen selling for as little as $.10 to $25 per card, despite an average advertised limit of $4,000. When added up, Symantec calculated the total potential worth to be in the neighborhood of $5.3 billion.
But that number doesn't take into account stolen financial accounts, which make up 20 percent of the total. Stolen bank accounts were seen selling for between $10 and $1,000 with the average balance hovering at nearly $40,000. By Symantec's math, that puts the total worth at $1.7 billion, or around $7 billion for credit cards and bank accounts combined.