Posts Tagged 'hackers'

Korean Data Leak Courtesy of Chinese Hackers

They just never quit do they? South Korea is the latest victim of a major data breach courtesy of Chinese hackers. Korean retailer Shinsegae, in addition 24 other companies, reported the theft of approximately 20 million customer accounts and private data. Police tracked down 3 South Koreans for attempting to sell the information online. The original Chinese hackers are still at large.

The government security agency plans on launching a probe into whether the corporations implemented adequate security measures to prevent such a theft. Otherwise, somebody gonna get fired. To date this has been the worst data breach in the country’s history.

“Shinsegae issued a statement of apology after data on 3.3 million of its customers was leaked from its online shopping mall.” (link)


Hackers go after Red Hat servers

Linux distributor Red Hat has issued a statement revealing that its servers were illegally infiltrated by unknown intruders. According to the company, internal audits have confirmed that the integrity of the Red Hat Network software deployment system was not compromised. The community-driven Fedora project, which is sponsored by Red Hat, also fell victim to a similar attack.

“Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action,” Red Hat said in a statement. “We remain highly confident that our systems and processes prevented the intrusion from compromising RHN or the content distributed via RHN and accordingly believe that customers who keep their systems updated using Red Hat Network are not at risk.” (link)

Hackers may exploit bug to control the Interweb

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.

Major software and hardware makers worked in secret for months to create a software “patch” released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.

“It’s a very fundamental issue with how the entire addressing scheme of the Internet works,” Securosis analyst Rich Mogul said in a media conference call.

“You’d have the Internet, but it wouldn’t be the Internet you expect. (Hackers) would control everything.”

The flaw would be a boon for “phishing” cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information. (link)

Epilepsy site hacked to cause seizures

Computer attacks typically do not inflict physical pain on their victims.

But in a rare example of an attack apparently motivated by malice rather than money, hackers recently bombarded the Epilepsy Foundation’s website with hundreds of pictures and links to pages with rapidly flashing images.

The breach triggered severe migraines and near-seizure reactions in some site visitors who viewed the images. People with photosensitive epilepsy can get seizures when they’re exposed to flickering images, a response also caused by some video games and cartoons.

The attack happened when hackers exploited a security hole in the foundation’s publishing software that allowed them to quickly make numerous posts and overwhelm the site’s support forums. (link)

CIA: Hackers able to take down power grids

Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.

Speaking at a conference of security professionals on Wednesday, CIA analyst Tom Donahue disclosed the recently declassified attacks while offering few specifics on what actually went wrong.

Criminals have launched online attacks that disrupted power equipment in several regions outside of the U.S., he said, without identifying the countries affected. The goal of the attacks was extortion, he said.

“We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands,” he said in a statement posted to the Web on Friday by the conference’s organizers, the SANS Institute. “In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.” (link)

Hackers get subscriber list from porn site, be afraid

When operators of sex-oriented websites gather at the Internext convention starting Sunday in Las Vegas, a major leak at a little New Jersey company is likely to be a big topic.Freehold-based Too Much Media, which sells accounting software for adult Web sites, told its customers last month that a security breach on its computers allowed hackers to access various adult websites’ subscriber lists.

Keith Kimmel of Norman, Okla., who runs two websites that feature porn, said the breach has the potential to embarrass.

“Would you really want a record floating around the Internet that you subscribe to hardcore bondage?” he asked.

Indeed, it appears stolen personal and company information is being used to bombard subscribers, many of whom would rather not have their identities known, with junk e-mails advertising sexually explicit images from competitors. No credit information appears to have been stolen. (link)

Study examines role of China in cybercrime

A study (PDF) published this week by researchers from China and Germany provides insight into the scope of the rapidly growing underground cybercrime economy in China. The paper explores the complex relationships between different kinds of participants in the underground economy, reveals the value of various illicit technical goods and services, measures the number of malware propagation sites, and evaluates the mitigation efficacy of popular antivirus programs.

The paper describes an economic model for China’s cybercrime underground and enumerates several categories of participants: malware developers, phishing site operators, crackers, login information (referred to as “envelopes” in the study) thieves, virtual asset thieves, and virtual asset sellers. The study also identifies an additional category of participants—called players—who purchase dubiously-obtained virtual assets, typically for use in popular Internet games. The paper then explains how participants from these categories interact to create the underground market. (link)

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 29 other followers

Technorati – Blog Search

Add to Technorati Favorites

submit express