Log in

Archive for June, 2011

Goatse Security hacking group orchestrated a security breach of AT&T’s servers

June 28th, 2011

Cybercrime

Wikipedia defines cybercrime as “any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. A computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators”.

The AT&T iPad hacking case

More than 100,000 Apple iPad users were a victim of data breach after the hackers accessed AT&T’s servers. Last June, Daniel Spitler of San Francisco, Calif., and Andrew Auernheimer of Fayetteville, Ark. broke into a computer without user authorization. They tried to obtain email addresses from the SIM card addresses of at least 114,000 iPad 3G users. Initially the attack appeared to be a sophisticated hack, the actual exploit used an automated script to submit HTTP requests for thousands of possible serial numbers and collect AT&T’s responses.

Post-breach, AT&T issued a statement. “This issue was escalated to the highest levels of the company and was corrected by Tuesday. We are continuing to investigate and will inform all customers whose e-mail addresses… may have been obtained,”.

How Daniel pilfered AT&T’s servers?

Daniel Spitler wrote a script called the “iPad 3G Account Slurper” and used it to access AT&T servers thereby getting info on e-mail addresses and associated unique iPad numbers. Spitler got in touch with co-defendant Andrew Auernheimer over Internet Relay Chat and they both hatched the plan of taking advantage of the Web site hole and the data from 100,000 accounts that was exposed.

Update on the case

Daniel Spitler has pleaded guilty to breaking into AT&T’s systems and obtaining the email addresses of iPad users. He is allegedly member of the Goatse Security hacking group. Spitler faces up to 10 years in prison and, $500,000 in fines on one count of conspiracy to gain unauthorized access to computers and on one count of identity theft. He is scheduled to be sentenced September 28 in Newark federal court.

Andrew Auernheimer was arrested January 18 in Fayetteville, Ark., while appearing in state court. Charges against him are still pending. He had pleaded not-guilty saying that he and his Goatse Security hacking group were planning to warn AT&T about the hole and notifying iPad 3G customers about the exposure of their data. But the chat logs were evidence enough to point out that they had not contacted AT&T.

“The magnitude of this crime affected everyone from high ranking members of the White House staff to the average American citizen,” said Michael B. Ward, special agent in charge of the FBI’s Newark Division. “It’s important to note that it wasn’t just the hacking itself that was criminal, but what could potentially occur utilizing the pilfered information.”

How Alertsec can protect our computers?

Alertsec provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. It uses Check Point Full Disk Encryption (former Pointsec) software, and has created a web based encryption service that radically simplifies deployment and management of PC encryption.

Alertsec Xpress is the service that automatically protects ALL information you store on your PC

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption.
Powered by Check Point – the market leader

No comments »

Posted in Computer security, Data Protection, Encryption, computer security software, data breach, data encryption

NATO could be the next victim of a data breach

June 27th, 2011

NATO's e-Bookshop attacked

Data breach and its definition

Data breach incidents range from planned attacks of organized crime on a national government website to carelessly selling of used computer equipment or data storage media. Definition “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”

What do data breaches include?

Data breaches include financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property

What happened at NATO?

NATO was recently notified of a possible data breach from a NATO-related website run by an external company

The North Atlantic Treaty Organization (NATO) has issued a statement

“Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.”

In detail

The e-Bookshop site offers free access for the general public to NATO publications and multimedia products in both electronic and print format s and does not contain classified documents.

The site has been closed down and users have been informed. The virtual bookstore is reachable though, through the NATO web address.

NATO has not disclosed as to what data was lost or how the attackers hit the server. It has just informed about a data breach and confirmed that no confidential data was compromised.

Speculation about the attack being related to NATO’s recent clash with the online group Anonymous is very high. The global organization had warned member nations about the rising threat of “hacktivism,” or carrying out cyberattacks for political purposes.

But “Anonymous” has completely defended this crime saying “NATO fears the group not because it’s a “threat to society,” but because it’s a “threat to the established hierarchy.” It further added “This is no longer your world. It is our world – the people’s world.
”
NATO’s strategy

NATO’s Strategic Concept, identifies cyber defence as one of the critical tasks to be carried out develop to prevent, detect, defend against and recover from cyber-attacks. NATO defence ministers agreed this month on a cyber defence action plan to limit these attacks. This action plan is already being implemented.

LulzSec group attacks at the same time

The LulzSec hacker group has broken into official computers used by the State of Arizona. The accessed data which includes personal emails, names, addresses and passwords of officials, along with confidential document has been made public online.

The number 1 laptop encryption service – Alertsec

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

No comments »

Posted in Data Protection, data breach, data encryption

Tags: alertsec Arizona Bookselling breach notification Check Point computer encryption software Computer security Credit card data breach data theft prevention disk encryption full disk encryption NATO Personally identifiable information

Major game developer Square Enix victim of data breach

June 26th, 2011

Square Enix, the latest victim of data breach

It is now obvious that hackers have decided to hit all major game developers! Last few weeks has seen data breaches of game sites like Nintendo, Bethesda Softworks, Sony, Epic games and Codemasters. The latest is Square Enix, one of the world’s largest developers and publishers of games for PCs and consoles.

Square Enix, well-known for creating the Final Fantasy and Kingdom of Hearts franchises were targeted by unknown hackers mid-way through last month. The cyber attack also reportedly focused on the company’s website.

Computer hackers managed to hit two websites of the Japanese company, Eidosmontreal.com, run by Square Enix’s subsidiary Eidos, and Deusex.com, a promotional site for the upcoming game, Deus Ex: Human Revolution. Up to 25,000 email addresses had been taken in the security breach. The company also stated that the attackers couldn’t access the credit card numbers of users, but they managed to download the resumes of about 350 people who applied for jobs in one of the company’s offices in Canada.

As per the statement “Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation,”

Former Washington Post writer Brian Krebs reports that both the official Deus Ex: Human Revolution and Eidos websites were closed on Thursday morning, May 12. It appears that during this period hackers put up a banner that read “Owned by Chippy1337”. The hackers threatened to distribute the stolen information on file sharing networks. Personal information of more than 25,000 users was stolen. 350 of these were resumes that were accessed and each of the affected individuals were sent apology letters.

The hacked sites were immediately closed down. Damage was analyzed and once improved security measures were implemented, the sites were up and running.

Square Enix has lost so much sensitive data that one has now started questioning about network security.

Robust information security initiatives and a proficiently skilled IT security workforce are the need of the hour. In order to avoid cyber-attacks and security breaches, IT security professionals can increase their information security knowledge and skills by getting equipped with highly technical training programs.

Data security with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

No comments »

Posted in Data Protection, data breach, data encryption

Tags: AlertSec Xpress Bethesda Softworks breach notification computer encryption software data breach data encryption data security Deus Ex: Human Revolution Kingdom Hearts List of companies of Japan Personal computer security Square Enix Tomb Raider

Computer containing personal information taken from Dept. of Aging

June 24th, 2011

Laptop theft on the rise

A Laptop/Notebook is stolen or lost every 12 seconds

How are laptops stolen?

90% of the Laptops are being lost/stolen during the travel.

Some are stolen at the work place, conference centers, hotel rooms, cars, airports and train stations. As statistics show, it is just impossible to be able to prevent theft to occur as opportunists are everywhere in our society.

Laptop loss not only proves costly to the owner but it also includes the loss of sensitive and creative information/data in it. It could be your important documents, presentations, credit card details, financial information or maybe a contract or legal document.

Here’s a story which talks about laptop theft and loss of valuable health related data.

Laptop stolen from Dept. of Aging

A laptop belonging to a PASSPORT case manager, with the Mansfield Area Agency on Aging, Inc., was stolen on June 3 from his car in the Ohio District 5 region which serves counties in the Mansfield area. It contained data of thousands of clients.

According to the agency the laptop contained the personal health information on up to 43,000 consumers and the personal contact information on up to 35,000 related clients’ personal representatives.

In a news release, CEO Duana Patton said, “The Area Agency on Aging understands the importance of safeguarding our consumer’s personal information and takes that responsibility very seriously. We deeply regret that this incident occurred and we have already taken steps to ensure our laptops are properly equipped to secure personal information from unauthorized access in the future.”

The department is in the process of informing all of the affected users by letter to explain credit protection options available to them.

Individuals can reach the staff for queries related to the data breach on the following number – 800-522-5680 extension 1234

Preventive measures

a. Always back-up your data on a server or back-up device

b. Use encryption software. It greatly enhances the laptop security as there is no way that the information is compromised if lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or senstive data

Computer protection with Alertsec

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subsribe for your personal 30-day free trial

Alertsec is the only service provider on the market that offers a pre-configured, ready-to-use solution which also includes 24/7 helpdesk.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today. You can read more about Check Point here.

Once you make your decision you can have the laptops protected within minutes. No delays with set-up, configuration, order or delivery - order now.

No comments »

Posted in Computer security, Identity and Information loss, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Check Point Computer security Credit card data encryption desktop encryption software Encryption Health care identity theft laptop laptop theft Ohio District Personally identifiable information security

Massive hack plunges BitCoin’s value

June 24th, 2011

Virtual money hacked !

If you think a $500,000 heist can only happen in Hollywood movies, think twice ! Thieves managed to steal $50,000 online currency this month. And if this was not enough, it was followed by a major hack at an exchange website that led to a plunge in the currency’s actual value.

The story in short

Bitcoin, “the first decentralized digital currency,” lost its data at the largest Bitcoin-exchange, Mt. Gox, that caused values to plunge from $17 to $0.01 per Bitcoin credit.

A very basic question

Bitcoin is a virtual currency. How does it have value in the first place? And how does it even get stolen? Anyway it is virtual, so what if it gets stolen or is inaccessible? If your grey cells need information, here it is:

What is this virtual currency all about?

Virtual currency has long been used (in one way or another) in multiplayer online role-playing games (MMORPGs) such as World of Warcraft to simple social network games like FarmVilleHardly.

Bitcoin’s virtual money and its open source software entered the gaming world in the year 2009.

Bitcoin has real currency value outside the virtual environment. Believe it or not it has a value several times higher than the U.S. dollar, the British pound, and the Euro.

The story in detail

Monday, June 13, at around 5 p.m. 25,000 Bitcoins were transferred from 478 accounts on the BitCoin currency’s largest exchange — Mt. Gox. Mt. Gox has issued a statement saying that there was a major breach and it was shutting down. Around $8.75M USD worth of Bitcoins appear to have been stolen in the breach.

In the last couple of weeks users started noticing that their accounts had been hacked and their Bitcoins stolen. It was clear that the Mt. Gox database, having 61,020 entries, had been stolen. The next obvious that happened was Bitcoins getting sold at incredibly cheap rates on Mt. Gox in an hour post the breach plunging the market from around $17.50 USD per Bitcoin to just $0.01 per Bitcoin. In the meantime 400,000 other Bitcoins were reported missing.

The breach was traced to a Hong Kong IP, according to sources. There is a chance that this could just be a hijacked server or a proxy server, which the hackers used to obfuscate their true location.

User reactions

Mt. Gox forums were abuzz with activity. Users criticized the admins saying that the site’s security practices needed an overhaul . Writes one user “Man From The Future”: The fact that it uses MD5 is an issue.
It should definitely have been set up using SHA256/SHA512, and at least a per user salt(You haven’t clarified as to whether it’s the same for all, unless I’ve misread something). Or even double SHA512 two-unique-salts halved.

Your system needs Alertsec !

There are no short cuts to Data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.