Posts Tagged ‘Federal Bureau of Investigation’

« Older Entries

Stratfor site relaunched – Story continues

January 15th, 2012
STRATFOR (20120105)

Stratfor relaunches site post hack attack

Stratfor is officially back but its servers are heavily burdened due to its offer of free access. Stratfor CEO criticized the attackers for targeting the company, an email said. Stratfor aka Strategic Forecasting is back online after it was hacked into last month.

The new site

Stratfor relaunched  the new site on Jan. 11 exactly 18 days after the hacking group Anonymous hacked into its servers on Dec. 24. The hackers hacked Stratfor’s servers and took away data related to its subscribers and also defaced the site. The information that was dumped online included 75,000 credit card numbers and 860,000 usernames and passwords. Almost 50,000 of the addresses had a .mil or .gov domain. According to a Stratfor spokesperson there was going to be a delay with the site re-launch. The company planned to bring in a team of consultants and experts to tackle the security issues. The company further decided to move all credit card management activities to a third-party company so that customer data remained secure.

According to George Friedman, CEO of Stratfor “This was our failure,”. “I take responsibility. I deeply regret that this occurred and created hardship for our customers and friends.” “I felt bound to protect our customers, who quickly had to be informed about the compromise of their privacy. I also felt bound to protect the investigation,” Friedman said. The FBI had informed credit card companies of the breach and had provided a list of compromised cards, so “our customers were therefore protected,” he said, adding, “We were not compelled to undermine the investigation.” “This attack was clearly designed to silence us by destroying our records and the website,”.

What went wrong?

Apparently Stratfor had failed to encrypt credit card data and had stored the information in cleartext. After the passwords were analyzed, it was seen that security practices were not followed.There was no check on passwords when they were created by users.

Friedman further added “We were no longer an organization that analyzed the world for the interested public, but rather a group of incompetents, and conversely, the hub of a global conspiracy,”. According to him the media had publicized “incompetents” part while the hacking community focused on the “global conspiracy” part.

Relaunch offer

The site was made free to all visitors for a limited time. But that did not last long as due to heavy traffic on the site, it had to be closed down. ”Due to the high volume of interest in our new website, we are currently encountering a service interruption. We are working with outside experts to increase our capacity to handle the increased traffic to the new website,” according to a message posted at Stratfor.com.
Protect yourself with Alertsec

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.
Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.
Enhanced by Zemanta

No comments »

Posted in Computer security, Data Protection, Encryption, Hackers, Identity and Information loss, computer security software, data breach, data encryption

Tags:

Former senior analyst for Countrywide Home Loans behind bars for data theft

September 29th, 2011
Data theft!

It is not only the poverty-stricken folks who steal data in order to make money. High-salaried, well-to-do personnel are trying their hands at stealing too ! The money made by sellers of stolen personal data continues to be high. Credit card information is the most sought data as it generates $0.06 to $30.00 per record.

The recent case of data theft involves a former senior analyst for Countrywide Home loans.

The case of Rene Rebollo

A former senior analyst for Countrywide Home Loans was sentenced Wednesday in connection with data theft and for selling personal data of some 2.5 million customers in a scam that in turn cost the mortgage lender some $30 million. U.S. District Judge Christina A. Snyder sentenced Rene to eight months in prison. He is also expected to serve 10 months in a community correctional facility. In addition, Rene will also have to pay $1.2 million in restitution to Countrywide, now Bank of America. He also cannot access further customer data.

Data theft took place in the year 2008

Rene was charged in 2008 for downloading company data, planning an elaborate scam to steal customer information and selling it to loan officers from other companies. He had access to many of Countrywide’s databasesthat held information about clients from different parts of the United States.

He downloaded and stored reports on pen drives and distributed financial information and contact information of about 2.5 million people. In addition, he sold Social Security numbers of some 50,000 people. He opened a bank account for depositing money that he made from data selling. As if this was not enough, he sold the information to Wahid Siddiqi, 28, from Thousand Oaks, for $500 and earned around $50,000. The men sold the identity batches for $500 a piece.

Rene had pleaded not guilty but in January changed his mind to guilty.

As far as Siddiqi is concerned, he is jailed for 3 years since pleading guilty to fraud and selling the information to third parties.

How did Countrywide react?

Countrywide spent $1.2 million notifying customers whose data was compromised. It spent another $15.75 million to provide free credit monitoring to these customers. It also spent $13.4 million in civil litigation, that included class action lawsuits. Bank of America settled the suits last year.

The question is – How did an IT Audit miss such a big breach?

Data security with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident, which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security. There are no short cuts to Data security in any organization. Alertsec offers ervice that includes more than the traditional software licensing model.

Enhanced by Zemanta

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, Uncategorized, computer security software, data breach, data encryption, identity theft

Tags:

Tracking software helps track laptop thief

August 22nd, 2011
MacBook Pro at the desktop.

Macbook Pro stolen from an ex- FBI

Of all the people, this laptop thief had to rob a an IT security specialist and former FBI and NASA employee!

Interesting story ahead

When Greg Martin, an IT security specialist and former FBI and NASA employee, returned home late night he was shocked to see his house burgled. His laptop, a Macbook Pro, and other valuables were stolen. The thief had used a scaffold pole to open the security bars on his basement window! But Martin did not react the way most of us would. Had we been in his place, we would have panicked, right? Well, this guy is a former FBI and had installed a tracker on his laptop. So he knew that sooner or later the thief is going to get caught.

More about Greg

Greg Martin runs a blog called InfoSecurity 2.0. Is it not ironic to be stealing a laptop from a security guy? — Apparently Martin had installed an open source tracking software called Prey on his computer. According to the product’s website the software “lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen,”.

What happened later?

Martin registered a case of stolen laptop and waited for the thief to surface on the Internet. Two days later he received an email – that meant the thief had logged on to his machine. With the help of the tracking software Martin was able to get a clear picture of the user, as well as details of the IP address and wireless network that he was using and his location. As if Martin needed more, he was able to capture a screenshot of the user when he was logged into his Facebook thus giving away his name and the school that he had been to.

The thief is caught

Martin passed on this valuable piece of information (Facebook screenshot) to the London police who tracked down the thief in no time. Martin lived in an affluent neighbourhood where robbery is a rare phenomenon. The thief was hoping to take advantage of the fact that there were riots in the city and that the Police would be too occupied to look into a laptop theft.

Details about the thief

The thief was an 18-year-old young man by the name of Soheil Khalilfar.  The police raided his apartment and recovered the laptop. It was later returned to Martin.

Martin’s wish

“My hope was I was going to watch him being arrested from my laptop camera — that would have been the perfect ending. But they arrested him when I was on the plane back to London,” Mr Martin said

Tracking software from Alertsec

The above case is a classic example of why security software needs to be a part of any laptop/computer. Your laptop is practically your life. It contains valuable data like financial documents, passwords to important files, business deals etc.

Alertsec Xpress offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution.


Enhanced by Zemanta

No comments »

Posted in Uncategorized

Tags:

Goatse Security hacking group orchestrated a security breach of AT&T’s servers

June 28th, 2011
Apple iPad 2 WHITE???

Cybercrime

Wikipedia defines cybercrime as “any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. A computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators”.

The AT&T iPad hacking case

More than 100,000 Apple iPad users were a victim of data breach after the hackers accessed AT&T’s servers. Last June, Daniel Spitler of San Francisco, Calif., and Andrew Auernheimer of Fayetteville, Ark. broke into a computer without user authorization. They tried to obtain email addresses from the SIM card addresses of at least 114,000 iPad 3G users. Initially the attack appeared to be a sophisticated hack, the actual exploit used an automated script to submit HTTP requests for thousands of possible serial numbers and collect AT&T’s responses.

Post-breach, AT&T issued a statement. “This issue was escalated to the highest levels of the company and was corrected by Tuesday. We are continuing to investigate and will inform all customers whose e-mail addresses… may have been obtained,”.

How Daniel pilfered AT&T’s servers?

Daniel Spitler wrote a script called the “iPad 3G Account Slurper” and used it to access AT&T servers thereby getting info on e-mail addresses and associated unique iPad numbers. Spitler got in touch with co-defendant Andrew Auernheimer over Internet Relay Chat and they both hatched the plan of taking advantage of the Web site hole and the data from 100,000 accounts that was exposed.

Update on the case

Daniel Spitler has pleaded guilty to breaking into AT&T’s systems and obtaining the email addresses of iPad users. He is allegedly member of the Goatse Security hacking group. Spitler faces up to 10 years in prison and, $500,000 in fines on one count of conspiracy to gain unauthorized access to computers and on one count of identity theft. He is scheduled to be sentenced September 28 in Newark federal court.

Andrew Auernheimer was arrested January 18 in Fayetteville, Ark., while appearing in state court. Charges against him are still pending. He had pleaded not-guilty saying that he and his Goatse Security hacking group were planning to warn AT&T about the hole and notifying iPad 3G customers about the exposure of their data. But the chat logs were evidence enough to point out that they had not contacted AT&T.

“The magnitude of this crime affected everyone from high ranking members of the White House staff to the average American citizen,” said Michael B. Ward, special agent in charge of the FBI’s Newark Division. “It’s important to note that it wasn’t just the hacking itself that was criminal, but what could potentially occur utilizing the pilfered information.”

How Alertsec can protect our computers?

Alertsec provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. It uses Check Point Full Disk Encryption (former Pointsec) software, and has created a web based encryption service that radically simplifies deployment and management of PC encryption.

Alertsec Xpress is the service that automatically protects ALL information you store on your PC

Alertsec Xpress provides:

  • Fully managed service for your convenience.
  • Very cost effective service.
  • Market leading laptop protection service.
  • Quick and easy implementation.
  • Easy to use protection.
  • Transparent solution.
  • Global 24/7 helpdesk.
  • 100% secure and reliable encryption.
  • Powered by Check Point – the market leader
Enhanced by Zemanta

No comments »

Posted in Computer security, Data Protection, Encryption, computer security software, data breach, data encryption

Tags:

Massive Data Breach at Hawaiian University

November 8th, 2010
Seal of the University of Hawai i System
Image via Wikipedia

Educational universities have been struggling with their data security norms and have failed to keep the confidential students data secure. A new case which highlights this fact is the huge data breach incident at Hawaiian University, which in-fact is the 2nd time such a case has happened in the university for the 2nd time this year. At stake is the most sensitive personal information of the students and alumni.

The affected alumni who are being notified this week include those who attended UH’s Manoa campus from 1990 through 1998 and during 2001 and students who attended the UH West Oahu campus during the fall of 1994 or graduated between 1988 and 1993. The hackers had managed to penetrate the server at Manoa campus. The attack exposed the names, social security number, driving licenses and social security numbers of around 53,000 students, employees and faculty members.

This time around last year, a similar case had happened when the details of 4500 students were officially posted on the website of the school. These details included names, social security numbers etc.

On their side, University of Hawaii officials have mentioned that case was reported to the FBI & Honolulu Police Department. As a matter of precaution the un-secured server was also disconnected by the officials to prevent further losses. In addition all the impacted alumni have been sent email notices. Email notices were also sent last week to impacted alumni mentioning that the university “has no evidence that anyone’s personal information was accessed for malicious intent.”

According to the Titus of Liberty Coalition similar breaches have been discovered in other universities across the United States. The notable ones include personal information of over 250,000 individuals which was held by a Florida state employment office.

At the moment it is difficult to track the level of misuse of this information.

University spokeswoman Tina Shelton said, “The university system is NOT aware of any actual security breaches raised by the inadvertent exposure by the UH West Oahu professor.”

Naturally the students are disturbed by the security breach and graduate Paul Philpott is one of them. He is one of the alums whose personal information was exposed and has spoken to other friends and classmates as well.

Philpott said in an email, “None of us have given any authority to any person or institution to have our identities used, put on the Internet, or to be used in a study on us”. “For those affected that I have talked with, explanations and help should be immediate and detailed”.

The Titus of Liberty Coalition mentioned in a telephone interview. “It’s my impression that the University of Hawaii is a few years behind in its IT (information technology) security,”

He also added, “This could have been prevented if the university had a policy of scanning its IT system for records containing personal information like social security numbers,” he says, adding software programs and information technology experts are available to perform such searches.

All the potentially affected students can call (808) 956-6000 during weekday business hours or check the website at http://www.uhwo.hawaii.edu/idalert

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software.The threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles
Enhanced by Zemanta

No comments »

Posted in AlertSec Xpress, data breach

Tags: