Log in

Posts Tagged ‘data’

Anonymous is back with a bang! This time they breach Stratfor Inc.

January 9th, 2012

Stratfor Inc hacked and credit card data stolen

Anonymous has always been in the news for data hacking and just when we were wondering what they were up to, they are here! This time they have been successful in breaching data of the security Think-Tank Strategic Forecating Inc, based out of Austin.

The details

The group managed to hack into Stratfor’s web site and get data about the company’s corporate subscribers. This resulted in the website being closed down temporarily. Anonymous was proud to announce that they stole passwords, credit card details, and home addresses of about 4,000 people on Stratfor’s private client list. Their plan was to use the credit card information to make fraudulent donations to charities. The hackers described the data on Pastebin, then provided several links to websites hosting the information. According to them some 50,000 of the e-mail addresses released end in “.mil” or “.gov.”

Strangely enough, some representatives of the Anonymous group denied complete responsibility of the attacks. According to an Anonymous spokesman “it does not attack media sources.” The organization has been known for its hacks on Sony’s PlayStation services, the Church of Scientology, as well as companies, banks, and organizations that supported WikiLeaks.

What business is Stratfor into?

The company offers its clients like the U.S. Air Force, the Miami Police Department, and Apple, high-quality economic, political, and even military analysis to clients, delivered daily via email, video, and the Web.

After the hack

Stratfor is offering a free one-year subscription to an identity protection service to those affected. Stratfor’s CEO, George Friedman confirmed on the company’s Facebook page on Monday that the hack disclosed the names of some corporate subscribers along with personal and credit card data.

Barrett Brown, spokesman for Anonymous said “This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade,”. “Many of those contacts work for major corporations within the intelligence and military contracting sectors, government agencies and other institutions.”

Stratfor’s chief George Friedman’s statement

“While addressing matters related to the breach of Stratfor’s data systems, the company has been made aware of false and misleading communications that have circulated within recent days,” said Friedman. “Specifically, there is a fraudulent email that appears to come from George.Friedman[@]Stratfor.com.”

High profile attacks are making the rounds and security agencies are scrambling to get the security policies of such companies in place. Stratfor’s website is under repair as of today and will take some time before it gets back in shape.

Alertsec equips firms with encryption software

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

No comments »

Posted in Computer security, Data Protection, Hackers, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: anonymous Austin Austin Texas Consultants Credit card data Facebook George Friedman Hack Miami Police Department Pastebin security Stratfor United States Air Force Website Wikileaks

Computer backup tapes reported missing from Nemours Children’s Health System

October 27th, 2011

Backup tapes containing patient billing data stolen

Data thieves somehow love stealing patient data or better they somehow know that stealing patient data is a lot easier than any other data. Recent cases of hospital data missing are a clear indication of the above.

The following is yet another case of missing patient billing data. This time thieves have managed to steal three unencrypted computer backup tapes containing patient billing and employee payroll data from a Nemours facility in Wilmington, Delaware. The tapes were supposed to be ’safely’ locked and there was another cabinet containing a computer systems conversion that was completed in 2004. The thieves cleverly stole the tapes and locked cabinet on September 8, 2011 during a facility remodeling project.

As yet there is no indication that the tapes were misused. Fortunately there was no medical data on the tapes. Thieves are going to have a hard time accessing data on these tapes and will need special equipment and knowledge if they want to break this code.

The data in these tapes includes info like name, address, date of birth, Social Security number, insurance information, medical treatment information, and direct deposit bank account information related to 1.6 million patients and their guarantors, vendors, and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida.

According to David J. Bailey, M.D., President and Chief Executive Officer “This is an isolated incident unrelated to patient care and safety,”. “The privacy of our patients, their families, and our employees and business partners is a high priority to all of us at Nemours.”

Affected individuals are being notified and one year of free credit monitoring and identity theft protection as well as call center support has been offered to them.

In a special press release, patients were told the following:

Nemours has provided high quality and compassionate paediatric care for over 70 years, and the privacy and confidentiality of the information we maintain for our patients has always been an important part of the fundamental trust that we share with our patients and their families.

Needless to say, Nemours is revamping its data security policies. The policy includes data encryption and moving computer backup tapes to a another secure facility.

In a similar incident that we reported last week, backup tapes at TRICARE were lost. TRICARE is a provider of health care services to active and retired military personnel. These are careless and easily preventable mistakes that organizations must take into account.

Alertsec is helping organizations with their data security issues

Alertsec, a reliable name in the world of data security is guiding organizations in their data protection policy. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For years, Check Point has been protecting more PCs, laptops, PDAs, smart phones and removable storage devices than anyone else in the world.

Alertsec is the frontrunner in offering data encryption software as a fully managed service, and as such, Alertsec is a Check Point Managed Security Service Provider and Global Silver partner. We´re an experienced security organization with well-trained and Check Point certified experts.

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, Uncategorized, computer security software, data encryption, identity theft

Tags: Backup Cryptography data data security David Jackson Bailey Delaware Nemours New Jersey Patient Pennsylvania September 8 2011 Social Security number Theft Wilmington Wilmington Delaware

Unauthorized person breaks into Purdue University’s computer system

August 23rd, 2011

Data of former students accessed illegally

First it was the gaming sites, followed by big corporations like NASA, later it was the healthcare industry and now its time for educational institutes to get their data breached !

Hackers hacked big time into Purdue University’s server which contained the personal information, including Social Security numbers and course records, of more than 7,000 former Purdue University students. These students had enrolled into a Math course.

The breach

The breach took place on April 5, 2010. As soon as the Purdue staff learned about it, they took the server offline. The notification came 16 months after the discovery of the breach.

The server contained 6.6 million nine-digit numbers in the hacked files. It took Purdue six months to analyze those numbers. After analysis Purdue determined that approximately 65,000 of those number combinations could be Social Security numbers. The numbers were further reanalyzed and the University matched 7,093 of those number combinations to Social Security numbers of former students.

The computer showed older course records from 2000 through the summer session of 2005.

Not only ex- students but a few professors, family members and contractors were potentially affected. A letter was sent to those affected stating a toll-free phone number for inquiries at 866-520-0492

Breach investigation

Investigation by Purdue University officials showed that 7,093 Social Security numbers were accessed by the hacker.

According to Laszlo Lempert, head of the Department of Mathematics ”Through our investigation, we found no evidence that the unauthorized user attempted to find or read any files with personal information in our system, but felt informing people who may have been affected was a necessary precaution,” . “We regret the breach occurred, and we’ve taken extensive measures to prevent this from happening again.”

As per Purdue University policy, Social Security numbers are no longer used except where required by law. A Purdue identification number is issued to all students, alumni, faculty and staff.

Security tips by Purdue

Place a fraud alert on your credit file, if you haven’t already done so.
Close accounts that you believe have been tampered with.
File a complaint with the Federal Trade Commission. For step-by-step instructions and contact information, go to: http://www.ftc.gov/bcp/edu/microsites/idtheft/

AlertSec’s security services

Organisations and educational institutes which contain a large amount of data have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

To protect information on laptops with encryption is of paramount importance if you want to comply to today’s legislation, not to mention the peace of mind for people managing security for a mobile workforce. We have found Alertsec Xpress to be secure, yet easy to use and implement.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: breach notification Check Point Colleges and Universities computer encryption software Computer security data data breach data security Doctor of Philosophy Education Enter your zip code here Indiana NASA Purdue University Social Security number United States

Massive hack plunges BitCoin’s value

June 24th, 2011

Virtual money hacked !

If you think a $500,000 heist can only happen in Hollywood movies, think twice ! Thieves managed to steal $50,000 online currency this month. And if this was not enough, it was followed by a major hack at an exchange website that led to a plunge in the currency’s actual value.

The story in short

Bitcoin, “the first decentralized digital currency,” lost its data at the largest Bitcoin-exchange, Mt. Gox, that caused values to plunge from $17 to $0.01 per Bitcoin credit.

A very basic question

Bitcoin is a virtual currency. How does it have value in the first place? And how does it even get stolen? Anyway it is virtual, so what if it gets stolen or is inaccessible? If your grey cells need information, here it is:

What is this virtual currency all about?

Virtual currency has long been used (in one way or another) in multiplayer online role-playing games (MMORPGs) such as World of Warcraft to simple social network games like FarmVilleHardly.

Bitcoin’s virtual money and its open source software entered the gaming world in the year 2009.

Bitcoin has real currency value outside the virtual environment. Believe it or not it has a value several times higher than the U.S. dollar, the British pound, and the Euro.

The story in detail

Monday, June 13, at around 5 p.m. 25,000 Bitcoins were transferred from 478 accounts on the BitCoin currency’s largest exchange — Mt. Gox. Mt. Gox has issued a statement saying that there was a major breach and it was shutting down. Around $8.75M USD worth of Bitcoins appear to have been stolen in the breach.

In the last couple of weeks users started noticing that their accounts had been hacked and their Bitcoins stolen. It was clear that the Mt. Gox database, having 61,020 entries, had been stolen. The next obvious that happened was Bitcoins getting sold at incredibly cheap rates on Mt. Gox in an hour post the breach plunging the market from around $17.50 USD per Bitcoin to just $0.01 per Bitcoin. In the meantime 400,000 other Bitcoins were reported missing.

The breach was traced to a Hong Kong IP, according to sources. There is a chance that this could just be a hijacked server or a proxy server, which the hackers used to obfuscate their true location.

User reactions

Mt. Gox forums were abuzz with activity. Users criticized the admins saying that the site’s security practices needed an overhaul . Writes one user “Man From The Future”: The fact that it uses MD5 is an issue.
It should definitely have been set up using SHA256/SHA512, and at least a per user salt(You haven’t clarified as to whether it’s the same for all, unless I’ve misread something). Or even double SHA512 two-unique-salts halved.

Your system needs Alertsec !

There are no short cuts to Data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

No comments »

Posted in Hackers, Identity and Information loss, data breach

Tags: AlertSec Xpress Bitcoin breach notification laws computer encryption software Currency Currency and Money data Economic Financial Economics Social Sciences Virtual currency World of Warcraft

Anonymous Identity Attack forced HBGary Federal’s CEO to Resign

March 5th, 2011

HBGary Federal CEO Aaron Bar

HBGary is a technology security company and HBGary Federal is its affiliated firm which sells its products to the US Federal Government and HB Gary, Inc. Recently CEO of HBGary Federal, Aaron Bar has resigned from his post in the response to the anonymous identity attacks into the company’s network and to his personal data. Some unknown people hacked the company’s information and stole thousands of e-mail messages. Before few weeks Aaron Bar has promised to expose the names of anonymous members who are involved in this identity theft.

The group has posted the mails and the process on the Internet: how they exploited weak passwords, un patched servers to crack the network, then used information on passwords which resulted to break into the company’s Gmail accounts.

According to the reports, “Anonymous members hacked HBGary Federal’s website and unleashed 71,000 internal company e-mails, including one revealing that Barr’s wife had threatened to divorce him. They also hijacked Barr’s Twitter account, changing his profile photo and announcing that he was in fact a sweaty ball sack of caterpillars”.

Why Anonymous Group Targeted HBGary

The firm HBGary was targeted because Barr was quoted in a published article on 5th February saying that he had used clues found online to discover the identities of key Anonymous associates and was able to make these connections by using services such as LinkedIn, Classmates.com, and Facebook, as well as IRC itself.

In the reaction of this story which was used for a presentation during B-Sides San Francisco, the anonymous group compromised HBGary and HBGary Federal and leveraging Web vulnerabilities. The group also gained access to the Rootkit.com Web site which was launched by HBGary founder Greg Hoglund.

Data Breach infected Company’s and Bar’s Reputation

The disclosure of all the sensitive and private data poses a major security risk to those organizations, as well as individuals who had corresponded with the HBGary. Since the breach took place company’s business practices comes into question. There were various rumours related to the content of the stolen e-mails. Barr told that he stepped down to help the company regain its reputation and to improve his own. Barr wants to focus on taking care of his family and rebuilding his reputation. He told that it’s been a challenge to do that and run a company.

Barr says in an interview, “I have been the focus of much bad press; I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I am confident they will be able to weather this storm”.

Secure your Data with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.