Monday, September 12, 2011

Cyber Security News For The Week of September 11, 2011


From our friends at Citadel Information Group
Information at Risk

Hackers Forge Certificates to Break into Spy Agencies: After breaching the Dutch CA (Certification Authority) DigiNotar, Iranian hackers managed to sign forged certificates for the domains of spy agencies CIA, Mossad and MI6. Leading certification authorities like VeriSign and Thawte were also targeted, as were Iranian dissident sites. PC World, September 4, 2011

Dutch Widen Inquiry Into Hacking of Official Sites: The Dutch government said Tuesday that it was widening its investigation into an Internet security breach in an effort to learn whether the private data of Dutch citizens, many of whom file income tax returns online, had been compromised. The New York Times, September 6, 2011

Patient Data Posted Online in Major Breach of Privacy: A medical privacy breach led to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes, the hospital has confirmed. The information stayed online for nearly a year. The New York Times, September 8, 2011

Data breach hits ODOT: A breach in computer data security exposed personal information, including names and Social Security numbers, of 62 current and former employees and others working with environmental programs of the Oregon Department of Transportation. Statesman Journal, September 10, 2011

Privacy Matters - News of the World Hacking Scandal

Murdoch Son's Testimony on Hacking Is Challenged by 2 Former Executives: After a month's lull, the phone hacking scandal that has rocked Rupert Murdoch's media empire resumed with fresh intensity on Tuesday. Mr. Murdoch's son James clashed publicly with two former senior news executives over a meeting that parliamentary investigators have identified as a critical milestone in attempts by some of his father's trusted lieutenants to contain the scandal. The New York Times, September 6, 2011

The Cost of Cybercrime

Cyber crime now bigger than the drugs trade: The global cost of cybercrime is greater than the combined effect on the global economy of trafficking in marijuana, heroin and cocaine, which is estimated at $388bn, a new headline-grabbing study reported. The Register, September 7, 2011

One Million Victims of Cybercrime a Day, Report Says: Over one million adults around the world are the victim of cybercrime every day, according to figures published Wednesday. The Norton Cybercrime Report 2011 paints a gloomy picture. The company estimates that cybercrime cost online consumers over the 24 countries surveyed a total of $388 billion in just one year. By contrast, according to Adam Palmer, Lead Advisor at Norton Cybersecurity Institute and a former U.S. Navy prosecutor, the entire global trade in cocaine, heroin and marijuana is worth $288 billion. The Wall Street Journal, September 7, 2011

US$114 B Lost to Cybercrime Annually: For the first time, a Norton study has quantified the cost of global cybercrime, estimated at US$114 billion annually, the company said in a statement. International Business Times, September 9, 2011

Internet Badlands

UPS Website Traffic Redirected by Hackers Whose Targets Included Vodafone: United Parcel Service Inc. (UPS), Betfair Group Plc (BET) and Vodafone Group Plc (VOD) were among companies whose websites were disrupted by an attack that redirected Internet users to a hacking holding page. Bloomberg, September 5, 2011

Image searches 'poisoned' by cybercriminals: All Pedro Bueno did was run a regular Google search for "iPhone with antenna" while trying to fix the Wi-Fi on his wife's cellphone. Moments later he was yet another victim of "search engine poisoning" - the latest battleground in the ongoing war between cybercriminals and Google. New Scientist, August 26, 2011

Dutch firm linked to many more fraudulent Net certificates: The number of fraudulent security certificates issued by a hacked Dutch firm has ballooned from the 247 reported last week to 531, and the main purpose of the attack appears to have been to spy on Iranian dissidents. Cnet, September 5, 2011

Hackers Turn On Each Other: Is there no honor among hackers, or information leakers? Last week, even got hacked. The website, which awards points for proof that you've hacked particular websites, isn't the first such leaderboard. But the site had grabbed a lot of attention in a short period of time for listing hacking point values for prominent websites, such as the White House's (34,594 points). Information Week, September 6, 2011

Rent-a-Bot Networks Tied to TDSS Botnet: Criminals who operate large groupings of hacked PCs tend to be a secretive lot, and jealously guard their assets against hijacking by other crooks. But one of the world's largest and most sophisticated botnets is openly renting its infected PCs to any and all comers, and has even created a Firefox add-on to assist customers. KrebsOnSecurity, September 6, 2011

Facebook hacking tool hacks hackers: A case of criminal irony: Tools built to help hackers break into Facebook accounts have been found hiding malware that infects the computers of the would-be criminals who download them. MSNBC, September 7, 2011

FBI probes hacking of NBC News' Twitter account: The FBI is investigating the NBC News Twitter account hacking committed by perpetrators who posted bogus information about the hijacking of a civilian airliner that supposedly crashed into Ground Zero in New York, officials said Friday night. MSNBC, September 10, 2011