Log in

Posts Tagged ‘data encryption’

Goatse Security hacking group orchestrated a security breach of AT&T’s servers

June 28th, 2011

Cybercrime

Wikipedia defines cybercrime as “any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. A computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators”.

The AT&T iPad hacking case

More than 100,000 Apple iPad users were a victim of data breach after the hackers accessed AT&T’s servers. Last June, Daniel Spitler of San Francisco, Calif., and Andrew Auernheimer of Fayetteville, Ark. broke into a computer without user authorization. They tried to obtain email addresses from the SIM card addresses of at least 114,000 iPad 3G users. Initially the attack appeared to be a sophisticated hack, the actual exploit used an automated script to submit HTTP requests for thousands of possible serial numbers and collect AT&T’s responses.

Post-breach, AT&T issued a statement. “This issue was escalated to the highest levels of the company and was corrected by Tuesday. We are continuing to investigate and will inform all customers whose e-mail addresses… may have been obtained,”.

How Daniel pilfered AT&T’s servers?

Daniel Spitler wrote a script called the “iPad 3G Account Slurper” and used it to access AT&T servers thereby getting info on e-mail addresses and associated unique iPad numbers. Spitler got in touch with co-defendant Andrew Auernheimer over Internet Relay Chat and they both hatched the plan of taking advantage of the Web site hole and the data from 100,000 accounts that was exposed.

Update on the case

Daniel Spitler has pleaded guilty to breaking into AT&T’s systems and obtaining the email addresses of iPad users. He is allegedly member of the Goatse Security hacking group. Spitler faces up to 10 years in prison and, $500,000 in fines on one count of conspiracy to gain unauthorized access to computers and on one count of identity theft. He is scheduled to be sentenced September 28 in Newark federal court.

Andrew Auernheimer was arrested January 18 in Fayetteville, Ark., while appearing in state court. Charges against him are still pending. He had pleaded not-guilty saying that he and his Goatse Security hacking group were planning to warn AT&T about the hole and notifying iPad 3G customers about the exposure of their data. But the chat logs were evidence enough to point out that they had not contacted AT&T.

“The magnitude of this crime affected everyone from high ranking members of the White House staff to the average American citizen,” said Michael B. Ward, special agent in charge of the FBI’s Newark Division. “It’s important to note that it wasn’t just the hacking itself that was criminal, but what could potentially occur utilizing the pilfered information.”

How Alertsec can protect our computers?

Alertsec provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. It uses Check Point Full Disk Encryption (former Pointsec) software, and has created a web based encryption service that radically simplifies deployment and management of PC encryption.

Alertsec Xpress is the service that automatically protects ALL information you store on your PC

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption.
Powered by Check Point – the market leader

No comments »

Posted in Computer security, Data Protection, Encryption, computer security software, data breach, data encryption

Major game developer Square Enix victim of data breach

June 26th, 2011

Square Enix, the latest victim of data breach

It is now obvious that hackers have decided to hit all major game developers! Last few weeks has seen data breaches of game sites like Nintendo, Bethesda Softworks, Sony, Epic games and Codemasters. The latest is Square Enix, one of the world’s largest developers and publishers of games for PCs and consoles.

Square Enix, well-known for creating the Final Fantasy and Kingdom of Hearts franchises were targeted by unknown hackers mid-way through last month. The cyber attack also reportedly focused on the company’s website.

Computer hackers managed to hit two websites of the Japanese company, Eidosmontreal.com, run by Square Enix’s subsidiary Eidos, and Deusex.com, a promotional site for the upcoming game, Deus Ex: Human Revolution. Up to 25,000 email addresses had been taken in the security breach. The company also stated that the attackers couldn’t access the credit card numbers of users, but they managed to download the resumes of about 350 people who applied for jobs in one of the company’s offices in Canada.

As per the statement “Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation,”

Former Washington Post writer Brian Krebs reports that both the official Deus Ex: Human Revolution and Eidos websites were closed on Thursday morning, May 12. It appears that during this period hackers put up a banner that read “Owned by Chippy1337”. The hackers threatened to distribute the stolen information on file sharing networks. Personal information of more than 25,000 users was stolen. 350 of these were resumes that were accessed and each of the affected individuals were sent apology letters.

The hacked sites were immediately closed down. Damage was analyzed and once improved security measures were implemented, the sites were up and running.

Square Enix has lost so much sensitive data that one has now started questioning about network security.

Robust information security initiatives and a proficiently skilled IT security workforce are the need of the hour. In order to avoid cyber-attacks and security breaches, IT security professionals can increase their information security knowledge and skills by getting equipped with highly technical training programs.

Data security with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

No comments »

Posted in Data Protection, data breach, data encryption

Tags: AlertSec Xpress Bethesda Softworks breach notification computer encryption software data breach data encryption data security Deus Ex: Human Revolution Kingdom Hearts List of companies of Japan Personal computer security Square Enix Tomb Raider

Computer containing personal information taken from Dept. of Aging

June 24th, 2011

Laptop theft on the rise

A Laptop/Notebook is stolen or lost every 12 seconds

How are laptops stolen?

90% of the Laptops are being lost/stolen during the travel.

Some are stolen at the work place, conference centers, hotel rooms, cars, airports and train stations. As statistics show, it is just impossible to be able to prevent theft to occur as opportunists are everywhere in our society.

Laptop loss not only proves costly to the owner but it also includes the loss of sensitive and creative information/data in it. It could be your important documents, presentations, credit card details, financial information or maybe a contract or legal document.

Here’s a story which talks about laptop theft and loss of valuable health related data.

Laptop stolen from Dept. of Aging

A laptop belonging to a PASSPORT case manager, with the Mansfield Area Agency on Aging, Inc., was stolen on June 3 from his car in the Ohio District 5 region which serves counties in the Mansfield area. It contained data of thousands of clients.

According to the agency the laptop contained the personal health information on up to 43,000 consumers and the personal contact information on up to 35,000 related clients’ personal representatives.

In a news release, CEO Duana Patton said, “The Area Agency on Aging understands the importance of safeguarding our consumer’s personal information and takes that responsibility very seriously. We deeply regret that this incident occurred and we have already taken steps to ensure our laptops are properly equipped to secure personal information from unauthorized access in the future.”

The department is in the process of informing all of the affected users by letter to explain credit protection options available to them.

Individuals can reach the staff for queries related to the data breach on the following number – 800-522-5680 extension 1234

Preventive measures

a. Always back-up your data on a server or back-up device

b. Use encryption software. It greatly enhances the laptop security as there is no way that the information is compromised if lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or senstive data

Computer protection with Alertsec

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subsribe for your personal 30-day free trial

Alertsec is the only service provider on the market that offers a pre-configured, ready-to-use solution which also includes 24/7 helpdesk.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today. You can read more about Check Point here.

Once you make your decision you can have the laptops protected within minutes. No delays with set-up, configuration, order or delivery - order now.

No comments »

Posted in Computer security, Identity and Information loss, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Check Point Computer security Credit card data encryption desktop encryption software Encryption Health care identity theft laptop laptop theft Ohio District Personally identifiable information security

Video game maker Sega the latest victim of data breach

June 22nd, 2011

With every new data breach, hackers are proving their smartness and honing their hacking skills. The gaming world appears to be an lucrative area for them as the latest victim to have online identities and passwords stolen is Video game maker Sega. Sega produces games for a range of consoles, including the PlayStation 3, Nintendo DS, Microsoft’s Xbox 360 and Nintendo’s motion-control Wii.

Sega’s servers were accessed and information belonging to 1.3 million customers was stolen from Sega’s database. That included names, email addresses, dates of birth and encrypted (not hashed or plain-text) passwords.

Surprisingly credit card numbers have not been affected. Sega Pass, Sega’s online system for giving newsletters, demos and other perks, had been closed for a complete investigation.

As per the latest update, 1,290,755 accounts have been compromised. Sega confirmed that no financial; data was stolen. Sega’s network is being currently strengthened and Lulz Security has taken the lead to find the perpetrators. They stated on Twitter that they would help “destroy” the responsible party because they love the Dreamcast.

What is puzzling is that the attack on Sega’s network took place after it confimed to have put new security measures following the data breach on Sony’s PlayStation Network

“We are deeply sorry for causing trouble to our customers. We want to work on strengthening security,” Sega spokeswoman Yoko Nagasawa told Reuters, adding it is unclear when the firm would restart Sega Pass.

According to BBC report, customers have been advised to change their log-on details on other services and websites where they used the same credentials. In addition, Sega has reset all customer passwords.

Comparison with breach at Sony’s and Citigroup

Sega handled this situation better than Sony and Citigroup. It locked down the system and wasted no time in informing its customers. Sony informed almost after a week and Citigroup had the nerve to tell people that they didn’t disclose information because they didn’t want to shock customers !

Reality check

No system is 100% secure. So in case data theft takes place what is important is

1) Financial data does not get affected and

2) Systems should be immediately closed down, customers should be informed on time and security ought to be strengthened

Time for Alertsec to step in

By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption

Alertsec’s mission is to continuously improve our products and services in order to deliver the easiest and most cost-effective managed encryption service on the market

The only way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users

No comments »

Posted in data breach

Tags: alertsec breach notification computer encryption software Computer security Credit card data encryption

Codemasters ‘ attacked by hackers’

June 12th, 2011

Image via Wikipedia

It is the era of hacking ! Before the Cyber-world recovers from the recent data attack on Sony and Citigroup, hackers have managed to access personal data of Codemasters ’s users.

The story

The British games developer was attacked on June 3 and personal details like names, addresses and phone numbers of thousands of people were stolen. IP addresses, details of last site activity, order history, biographies, Xbox Live Gamer-tags of the Codemasters CodeM database and the DiRT 3 VIP code redemption page were also a part of the theft. Luckily payment details were not hacked into as those were processed by an external provider.

Codemasters.com and its associate web services have been taken off the web till the investigation is on. Users have been advised to log on to the company’s Facebook Page for more information. US and UK websites have also been redirected to the company’s Facebook page. A new Web site is in the pipeline.

According to BBC News, the company is still probing about possible suspects. The number of affected users is still not known. It could be anywhere from thousand to hundred thousand. The company said. “We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law”

Data Security

Gamers have also been advised to change their passwords linked with Codemasters accounts. Codemasters spokesperson has further advised to refrain from opening any suspicious mail that might lead a user to an illegal website. Users need to be extra cautious of emails asking them to share their password or any other personal information

Users’ reactions

Leanne Lee from Eastbourne, Codemasters website user, blamed the company of being slow to report. She was shocked that she was told a week later after the breach occurred and that too via an impersonal email. According to Brad Langford of Manchester, Codemasters or any video game company for that matter does not really require sensitive information like birth place and birth dates.

Breaking news

‘Epic Games’ suffers cyber attacked ! Stay tuned..

Data security with Alertsec

D ata security is of utmost importance for any organization. This news stresses the need for data protection applications. The loss in the above incident could have simply been reduced to an insurance matter by a mere investment of $13/month. The amount is meager compared to what the company has lost. The need of Data encryption software and recovery software cannot be underestimated . Had the company used Alertsec’s services, the information would have been secure. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial