Foxconn said to have been hacked by group critical of working conditions
Hackers claimed to have stolen internal data from Apple supplier Foxconn, and leaked the information online, in response to media reports of poor working conditions at the electronics manufacturer's factories in China.
The hacker group, Swagg Security, announced the attack in a Twitter message on Wednesday, and also leaked data stolen from the Foxconn site to The Pirate Bay. It said the data included user names and passwords. "The passwords inside these files could allow individuals to make fraudulent orders under big companies like Microsoft, Apple, IBM, Intel, and Dell," the hackers said in a message on Pastebin. Read more...
Symantec expects Anonymous to publish more stolen source code
Symantec today confirmed that the pcAnywhere source code published on the Web Monday by hackers who tried to extort $50,000 from the company was legitimate.
A company spokesman also said that Symantec expects that the rest of the source code stolen from its network in 2006 will also be made public.
Symantec's acknowledgement followed the appearance late Monday of a 1.3GB file on various file-sharing websites, including Pirate Bay, that claimed to be the source code of the pcAnywhere remote-access software.
Download activity for the BitTorrent file has been moderately brisk: As of mid-morning Tuesday, Pirate Bay identified 376 "seeders," the term for a computer that has a complete copy of the file -- and about 200 "leechers," or computers that have downloaded only part of the complete torrent. Read more...
Anonymous hack an anti-hacking FBI call; takes down the Boston PD
Whether you agree with the tactics of hacker group Anonymous or not, you have to admit they have a good sense of irony. Earlier today, the group hacked an FBI conference call about ... the threat posed by Anonymous.
News of the hack spread quickly via Twitter, and a recording of the call was posted on YouTube. The FBI has confirmed the authenticity of the recording in a statement, saying that they are "hunting those responsible." Read more...
Hackers disclose Israelis’ credit card information
Hackers claiming to be Saudis posted credit card information of thousands of Israelis on the Internet, credit card companies said Tuesday, in what appeared to be a politically motivated attack. One expert played down its scope.
The Israeli Ynet news website said the hackers, identifying themselves as Group-XP, called the cyber attack a "gift to the world for the New Year" that they hoped "would hurt the Zionist pocket."
They claimed to have compromised 400,000 credit-card holders, but Israel's central bank said only about 15,000 active cards were affected.
"Group-XP is a known Saudi hacking group that seeks to propagate Wahhabism," the strict form of Islam practiced in Saudi Arabia, said Gadi Aviran of Terrogence Ltd., an Israeli web intelligence company. Read more...
Websites, apps vulnerable to low-bandwidth, bot-free takedown, say researchers
Hackers armed with a single machine and a minimal broadband connection can cripple Web servers, researchers disclosed Wednesday, putting uncounted websites and Web apps at risk from denial-of-service attacks.
In a security advisory issued the same day, Microsoft, whose ASP .Net programming language is one of several affected by the flaw, promised to patch the vulnerability and offered customers ways to protect their servers until it releases an update.
In a follow-up message, Microsoft announced it was shipping an "out-of-band," or emergency update today. The update was released at 1 p.m. ET. Designated MS11-100, it also fixed three other bugs in ASP .Net, one tagged "critical." None of those three had been disclosed publicly prior to today.
The problem that caused a stir in the security community exists in many of the Web's most popular application and site programming languages, including ASP .Net, the open-source PHP and Ruby, Oracle's Java and Google's V8 JavaScript, according to two German researchers, Alexander Klink and Julian Walde. Read more...
2012 in security: Rising danger
Computer security involves more than installing an antivirus utility on your PC. Malicious hackers are on a mission to steal money and wreak havoc, and they'll do it by any means possible. The growing number of mobile devices, such as phones and tablets, and the popularity of social networks give them new avenues in which to expand their cybercrime.
Here's a look at the security issues various technologies will face in the coming year.
Smartphones and tablets
The amount of malware spreading on phones and tablets continued to surge this year, rising 22 percent over 2010 in the first half of 2011, according to a McAfee study (PDF). Android came under fire -- surpassing Symbian and Java ME as the most attacked mobile operating system, according to the study -- with a 76 percent jump in malware from the first quarter of 2011 to the second. Android became the target due to its open nature and its large market share (43 percent in the third quarter of 2011, according to Nielsen).
Mobile infections will continue to rise in 2012 -- especially on Android products -- as the population of devices increases further. Mobile malware often spreads via app stores, posing as a new app or as a look-alike of a well-known app. Third-party app directories usually contain more malware than official app stores do, so stick with the latter. Even then, examine user reviews and do research before you download, especially in the case of new apps. Also, install an antivirus app like Lookout Mobile Security for Android, BlackBerry, iOS, and Windows Mobile, or AVG Mobilation for Android and Windows Phone 7. Read more...
Espionage network exploiting Adobe Reader flaw
Adobe warned users of its Reader software earlier this week that hackers were using a critical vulnerability in the program to enable "limited, targeted attacks." Today security firm Symantec provided details of the compromise, which appear to have been well-funded efforts aimed at stealing secrets from specific industries and government agencies in the United States and United Kingdom.
The attacks used crafted emails designed to look like personal communications to specific managers or executives at the targeted organization, the company states in its brief analysis. Once the PDF attachment is opened, a Trojan -- dubbed "Sykipot" by Symantec -- infects the system using the vulnerability. Once a system is compromised, it communicates with a network of command-and-control servers hosted on at least a dozen and perhaps more than 50 domains. Read more...
Anonymous and Team Poison form alliance to steal from rich, give to poor
Throughout history, there have been a few good-hearted thieves who’ve stolen the hearts and minds of the public — in addition to the physical objects they’ve swiped. Top among them, of course, if Robin Hood. Now, a new gang of Merry Men is setting out to help the 99% through similar tactics.
The world’s two most widely-recognized hacking collectives, Anonymous and Team P0is0n, are joining forces. Their target: the same banks, coporations, and members of the 1% who inspired the #Occupy movement. They’re kicking off the campaign — which is being called #OpRobinHood — under the assumed name of p0isAnon (we see what they did there). Their goal is clear: steal from the rich and give to the poor. Read more...
Hackers launch millions of Java exploits, says Microsoft
Hackers continue to launch attacks exploiting vulnerabilities in Oracle's Java software in record numbers, Microsoft said Monday.
Citing research from a recent report, Tim Rains, a director in the company's Trustworthy Computing group, said that up to half of all attacks detected and blocked by Microsoft's security software over a 12-month period were Java exploits.
Altogether, Microsoft stopped more than 27 million Java exploits from mid-2010 through mid-2011.
Most of those exploits targeted long-ago-patched vulnerabilities, said Rains.
The most commonly-blocked Java attacks -- to the tune of over 2.5 million of them -- in the first half of 2011 exploited a bug disclosed in March 2010 and patched by Oracle the same month. Second on the popularity chart for the full 12-month stretch was an exploit of a bug patched in early December 2008, nearly three years ago. Read more...
AT&T hackers have terrorist connections, say Philippines police
The U.S. Federal Bureau of Investigation and police in the Philippines have jointly busted a ring of four alleged hackers in Manila with connections to a terrorist group in Saudi Arabia, the Criminal Investigation and Detection Group of the Philippines police said last week.
FBI agents, who have been investigating hacking of telecommunication companies in the U.S. and in the country since 1999, have uncovered a "paper trail" of various bank transactions allegedly linking the local hackers to the cell in Saudi Arabia, whose activities include financing terrorist activities, CIDG said in a statement.
The operation last week followed a complaint from AT&T, which suffered losses of up to US$2 million as a result of a hack of its system, the Philippines police agency said. Read more...
Chinese hackers took control of NASA satellite for 11 minutes
Landsat-7 and Terra EOS satellites
Hacking is becoming a growing problem on Earth. It may seem strange to mention Earth, as there’s not much to hack outside of our planet’s atmosphere unless you count satellites. Even then, how feasible would it be to gain access to the systems running such devices?
Well, China not only has people working on such things, it has been discovered they actually managed to take control of two NASA satellites for more than 11 minutes. Read more...
Anonymous supporters claim NBC News Twitter hack
Hackers calling themselves the Script Kiddies took control of the NBC News Twitter account on Friday afternoon and used it to send out a series of hoax Twitter messages claiming there was a repeat terrorist attack on New York's Ground Zero.
The Script Kiddies had control of the account, which has more than 120,000 followers, for about 10 minutes before it was suspended. During that time they sent three messages stating that hijackers had crashed two airplanes on the site of the Sept. 11, 2001, terrorist attacks. "This is not a joke, Ground Zero has just been attacked. We're attempting to get reporters on the scene. #groundzeroattacked." said one of the messages.
Then, a minute later, perhaps sensing that the jig was up, they wrote. "NBCNEWS hacked by The Script Kiddies. Follow them at @s_kiddies!" Read more...
Hackers acquire Google certificate, could hijack Gmail accounts
Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider, a security researcher said today.
Criminals could use the certificate to conduct "man-in-the-middle" attacks targeting users of Gmail, Google's search engine or any other service operated by the Mountain View, Calif. company.
"This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.
"[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security. Read more...
Third Man Charged in Crackdown on ‘Anonymous’ Hackers
U.K. authorities charged a third man on Thursday as part of a global law-enforcement probe into online activist group Anonymous and its offshoots.
On Thursday, London's Metropolitan Police Service said it charged 22-year-old Peter David Gibson with a computer-related offense. Mr. Gibson, who is a student in Hartlepool, in the northeast of England, was arrested in early April. He been released from police custody on bail and is due to appear at a London magistrates' court on September.
Law enforcement agencies in the U.S., the U.K., the Netherlands and elsewhere are probing Anonymous and offshoot groups, ...
(Source: wsj.com)
Pentagon loses 24,000 classified files in massive hacking breach
The Pentagon has been taking cybersecurity a good deal more seriously lately — but a new breach could mean it's too little, too late. The news that 24,000 sensitive files had been leaked was ironically — or perhaps appropriately — revealed during a cyber strategy speech in which the military unveiled more about its aggressive new strategy for dealing with threats that aren't quite as cut and dry as those on the battlefield.
According to Deputy Defense Secretary William J. Lynn III, the documents were lifted from a defense contractor during a single hack perpetrated by "foreign intruders" in March of this year. Read more...