LulzSec hacks EVE Online as rampage continues

Hacker pranksters LulzSec took out sci-fi game EVE Online on Tuesday as part of a run of attacks apparently perpetrated purely for the lulz.

A DDoS attack left EVE Online offline for around five hours as part of an operation called Titanic Takeover Tuesday. CCP Games, the firm behind the popular multiplayer game, said that it took both EVE Online and its own website offline as a precaution, fearing that the DDoS attacks could act as a smokescreen for deeper penetrating assaults.

CCP Games said the drastic action of taking its sites offline was warranted. We doubt many gamers would agree, especially since it seems all CCP was dealing with was a packet flood. Viewed with the benefit of hindsight, the gaming firm effectively threw in the towel without even attempting to stand up to LulzSec’s assault.

LulzSec also decided to attack a range of other targets including Escapist magazine’s website as well as online games Minecraft and League of Legends. LulzSec invited fans of its hijinks to suggest targets, much like DJs would invite record requests. It’s difficult to see any pattern behind the latest string of assaults.


NHS loses over 8 million unencrypted health records

A London health authority has admitted losing a laptop which contains 8.6 million health records.

The machine was lost three weeks ago, but has only just been reported missing to police and the Information Commissioner’s Office.

We’ve asked North Central London health board why it needed to store 8.63 million health records on an unsecured laptop in the first place.

They sent us the following: “NHS North Central London is investigating the loss of a number of laptops. One of the machines was used for analysing health needs requiring access to elements of unnamed patient data. All the laptops were password protected and our policy is to manually delete the data from laptops after the records have been processed. NHS North Central London operates under strict data protection guidance and is taking the matter extremely seriously. We have started an investigation into the issues raised by the loss. We are liaising with the office of the Information Commissioner.”


Citigroup hack exploited easy-to-detect web flaw…apparently

Hackers who stole bank account details for 200,000 Citigroup customers infiltrated the company’s system by exploiting a garden-variety security hole in the company’s website for credit card users, according to a report citing an unnamed security investigator.

The New York Times reported that the technique allowed the hackers to leapfrog from account to account on the Citi website by changing the numbers in the URLs that appeared after customers had entered valid usernames and passwords. The hackers wrote a script that automatically repeated the exercise tens of thousands of times, the NYT said in an article published Monday.

“Think of it as a mansion with a high-tech security system – that the front door wasn’t locked tight,” reporters Nelson D. Schwartz and Eric Dash wrote.

The underlying vulnerability, known as an insecure direct object reference, is so common that it’s included in the Top 10 Risks list compiled by the Open Web Application Security Project. It results when developers expose direct references to internal objects, such as confidential account numbers in a URL, and serve whatever reference the logged-in user supplies, instead of checking that the user is entitled to that object or handing out substitute values that map to the real account numbers only on the server side.
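The pattern the report describes, as an added example (not Citi’s code; the account data, user names and handler names are constructed): a handler that trusts the account number in the URL once the user is logged in, beside the two standard fixes, an ownership check on the direct reference and a per-session indirect reference map.

```python
"""Insecure direct object reference (IDOR): vulnerable handler and two fixes.
Constructed example; data and function names are hypothetical."""
import secrets
from dataclasses import dataclass, field

# Constructed sample store: account number -> record. In the vulnerable
# design this number is exactly what appears in the customer's URL.
ACCOUNTS = {
    "4001": {"owner": "alice", "balance": 120.50},
    "4002": {"owner": "bob", "balance": 8400.00},
}


class Forbidden(Exception):
    """Raised when a request is refused; the caller maps it to HTTP 403/404."""


@dataclass
class Session:
    user: str                              # identity established at login
    refs: dict = field(default_factory=dict)  # opaque token -> account number


def vulnerable_view_account(session, account_id):
    """Authenticated but not authorised: any valid account_id is served,
    so changing the number in the URL reads another customer's record."""
    return ACCOUNTS[account_id]


def direct_view_account(session, account_id):
    """Fix 1: keep the direct reference but verify ownership on every request.
    Missing and foreign accounts get the same answer, so an enumerating
    client cannot tell which numbers exist."""
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct["owner"] != session.user:
        raise Forbidden
    return acct


def issue_reference(session, account_id):
    """Fix 2: give the client an unguessable per-session token instead of the
    account number; the real number never leaves the server."""
    if ACCOUNTS[account_id]["owner"] != session.user:
        raise Forbidden
    token = secrets.token_urlsafe(16)
    session.refs[token] = account_id
    return token


def indirect_view_account(session, token):
    """Resolve the token only through this session's own map."""
    account_id = session.refs.get(token)
    if account_id is None:
        raise Forbidden
    return ACCOUNTS[account_id]


def denied(handler, *args):
    """True when the handler refuses the request (used by the checks)."""
    try:
        handler(*args)
    except Forbidden:
        return True
    return False
```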


European Council: Creating hacking tools should be criminal across the EU

The making of hacking tools and computer viruses should be a criminal act across Europe, EU ministers have said.

The EU’s Council of Ministers has backed the extension of criminal sanctions to tool-makers in response to European Commission plans to update EU laws tackling attacks against computer systems.

Responding to European Commission plans to create a new anti-hacker Directive, the Council has said that the making of hacking tools should be criminalised, adding this to the list of currently criminal practices.

“The following new elements [should include] penalisation of the production and making available of tools (eg, malicious software designed to create ‘botnets’ or unrightfully obtained computer passwords) for committing the offences [of attacks against computer systems],” the Council of Ministers said in a statement (pages 18-19 of 38-page/176KB PDF).

“The term botnet indicates a network of computers that have been infected by malicious software (computer virus),” the Council statement said.


Video vigilantes in trouble again

Video vigilante service Internet Eyes is in trouble with data protection regulators again.

Internet Eyes streams CCTV footage from shops to its network of users who watch the live feeds from their home computer. Keen-eyed ‘noseyparkers’ can then hit an alert button if they spot a shoplifter. This information is then texted back to the shop owner.

But the company has been told by the Information Commissioner’s Office to change its policies after the regulator found CCTV footage of an identifiable person on YouTube.

David Smith, deputy commissioner, said: “CCTV footage should not end up on YouTube when it shows someone simply out doing their shopping. A person’s CCTV image is their personal data. The law says that it should only be disclosed where necessary, such as for the purposes of crime detection, and not merely for entertainment.”

The ICO found CCTV footage was sent to users unencrypted and that the company kept no record of its users’ activities so could not tell who had put the video clip on YouTube.


House of Commons hit by common theft

The House of Commons’ perennial theft problem has become increasingly high tech, with sporadic thefts of computers in recent years turning into a veritable run on laptops, according to the latest figures.

In a Commons answer last week, John Thurso detailed cases of theft on the Commons Estate over the last five years, for the benefit of MP Keith Vaz.

Back in 2006 there were 13 thefts, with the swag bag including one sim card, two laptops, a CD writer and a dictaphone. Non-high-tech items swiped included copier paper, lights, shoes, flowers and cash.

There were just eight thefts in 2007, all of them resolutely low-tech, including a bottle of whiskey, a rug, a cable drum, a purse, some cash and a doorkeeper’s badge.

Just one laptop and one mobile phone went missing in 2008, but other items swiped included cash, a camera, a set of golf clubs, a set of chairs and a bike.


Anonymous serves notice on the Federal Reserve

Infamous hacktivist collective Anonymous has served notice that it intends to attack the websites of the Federal Reserve.

The campaign – likely to take the form of denial of service attacks and possibly sit-ins – is in protest at the Federal Reserve’s role in the global financial crisis, misuse of US taxpayer funds and supposed role in driving millions worldwide into poverty. The planned cyber-assault is timed to coincide with Flag Day, 14 June.

Hacktivists have christened the campaign Operation Empire State Rebellion. Anonymous is calling for the cyber-protests to continue until Federal Reserve Chairman Ben Bernanke steps down, as explained in a video-manifesto (below).

Anonymous began life in the anarchic message boards of 4chan as a protest against the Church of Scientology back in 2008. Its targets since then have included the entertainment industry (and in particular Sony), organisations that withdrew payment facilities from WikiLeaks (Mastercard, PayPal) and HBGary, a security firm that threatened to out Anonymous members.


LulzSec targets US Senate

Hacker tricksters LulzSec are baiting US lawmakers with their latest attack on the US Senate.

The hacking group posted what security experts Sophos characterised as “basic information on the filesystems, user logins and the Apache web server config files” of the Senate website on Wednesday morning.

The group also posted a directory listing in a post that ends with a brazen taunt to US authorities, referencing proposals by the Obama administration to make hacking critical infrastructure systems an act of war.

“This is a small, just-for-kicks release of some internal data from Senate.gov – is this an act of war, gentlemen? Problem?”

Under existing US computer crime law (specifically the Computer Fraud and Abuse Act) the hack might be punishable upon indictment and conviction by up to five years’ imprisonment.


Metro Bank – Schoolboy error for new kid on the block

Metro Bank, the newly established UK retail bank, has irked its customers with a schoolboy email error.

The latest marketing missive from the bank was sent with all the recipients’ email addresses in the To: field instead of the bcc (blind carbon copy) field. In the process, the bank disclosed the email addresses of around 1,200 customers to each other. The email, sent on Friday, told customers their monthly bank statement for May was ready, as well as carrying what one customer described as a “back-slapping” commentary about improvements Metro Bank is making to its internet banking service.

The next email was a fruitless “recall” request, followed shortly afterwards by an apology email from the bank’s managing director, Paul Marriott-Clarke (extract below).

“We are aware that we have made a small internal administrative error leading to us sending a generic email to a small number of customers who can see the email addresses of the other individuals included on the email.


LulzSec targets CIA.gov

LulzSec, the hacking and prankster collective that has attacked the US Senate, Sony, and the Fox and PBS television networks, has struck again, claiming it was behind an assault that took down the website for the Central Intelligence Agency.

Attempts to access cia.gov on Wednesday afternoon were met with only limited success. LulzSec claimed responsibility for the brief and only partial outage, writing in a Twitter post: “Tango down – cia.gov – for the lulz.”

The website contains no classified material, but bringing down the public portal of one of the world’s most powerful government agencies would nonetheless be LulzSec’s most brazen prank to date. There was no way to independently verify the group’s claim of responsibility.

A CIA spokeswoman told the Associated Press that officials are investigating the reports. Such outages are often the result of DDoS, or distributed denial of service, attacks. The assaults generally require little skill to carry out.