Ghostshell takes credit for extensive hack of government, private websites

http://www.csoonline.com/article/723577/ghostshell-takes-credit-for-extensive-hack-of-government-private-websites

By Antone Gonsalves CSO December 11, 2012

The hacktivist group Team Ghostshell took credit Monday for the release of 1.6 million accounts and records stolen from government and private organizations covering aerospace, law enforcement, the military, the defense industry and banking.

Among the organizations from which the group claimed to have stolen information were NASA’s Center For Advanced Engineering, the Department of Homeland Security (DHS) Information Network, the FBI’s Washington division in Seattle, the Federal Reserve and Interpol.

Taken from about 40 websites, the information is reported to have included usernames, email addresses, passwords, phone numbers, mailing lists, administrator account information and defense data.

The information was stored on the web in more than 140 uploads, and mirrored in multiple sites. The group listed on Pastebin URLs for the information, along with a lengthy rant on the operation they called ProjectWhiteFox.

[…]

______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org





Email intruder causes N.C. hospital data breach

http://www.clinical-innovation.com/topics/privacy-security/email-intruder-causes-nc-hospital-data-breach

By Beth Walsh Clinical-Innovation.com Dec 11, 2012

Approximately 5,600 patients of Carolinas Medical Center-Randolph are impacted by a data breach caused by an unauthorized electronic intruder who obtained incoming and outgoing emails from a provider’s account without the provider’s or the hospital’s knowledge.

The security breach of the Charlotte, N.C. facility was discovered on Oct. 8 following an upgrade in the hospital’s security software. Based on the investigation, the intruder obtained emails from the provider’s account between March 11 and Oct. 8, according to a release. Upon discovery of the breach, Carolinas HealthCare System hired a forensic investigator and notified federal law enforcement of the incident.

Based on information discovered through the investigation, most of the obtained emails did not contain patient information. While only five emails contained Social Security numbers, several contained some medical and other patient information. The emails appear to include one or more of the following: patient names, dates and times of service, provider and facility names, internal hospital medical record and account numbers, dates of birth, and treatment information, such as diagnosis, prognosis, medications, results and referrals. Potentially affected patients have been sent personal letters explaining the type of information involved.

[…]


New Cyberespionage Attack Targets Russia

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240144243/new-cyberespionage-attack-targets-russia.html

By Kelly Jackson Higgins Dark Reading Dec 11, 2012

China is often considered synonymous with cyberespionage, but what about Korea? A new targeted attack campaign with apparent Korean ties has been stealing email and Facebook credentials and other user-profile information from Russian telecommunications, IT, and space research organizations.

FireEye says the so-called “Sanny” attacks appear to indicate that Korea may be home to the command-and-control and other communications for the malware. Researchers didn’t specify whether it was North or South Korea, but say that around 80 percent of the victims in the attacks are Russian organizations.

Ali Islam, security researcher for FireEye, says it’s possible that Korea is being used as a proxy for the attack. But there are a few clues of a Korean connection: the SMTP email server and command and control servers are based in Korea; the “Batang” and “KP CheongPong” fonts used in the lure documents are Korean; a Korean message board is used for the C&C; and the Yahoo email account used in the attacks, “jbaksanny,” is connected to an empty Korean Wikipedia page created by a user named Jbaksan.

“We believe both countries [North and South Korea] have cyberattack capabilities. The attacker has done a great job of hiding his/her self by choosing a public forum as normally with APTs –in contrast to normal malware– you don’t need a long-lasting CnC,” Islam says.

[…]


How much crime really occurs? Don

http://www.nextgov.com/big-data/2012/12/how-much-crime-really-occurs-dont-ask-feds/60084/

By Aliya Sternstein Nextgov December 11, 2012

The United States has no accounting of how much crime there really is nationwide because FBI statistics do not reflect cybercrimes and other offenses that have cropped up since reporting began in 1930. But that might change in 2013.

“Millions victimized by fraud and online crimes, but this is often not captured,” Justice Department officials tweeted during the first meeting in 82 years to figure out the best crime indicators. Deputy Assistant Attorney General James Burch microblogged the event Wednesday, posting comments from attendees such as the previous quote from a Major Cities Chiefs Association representative.

“We have no idea how much crime there really is,” program consultant Paul Wormeli, a former deputy administrator of Justice’s Law Enforcement Assistance Administration, said in an interview.

The current — and, most would agree, outdated — taxonomy of offenses is the Uniform Crime Reporting system. Right now, the national statistics index is limited to violent crime, murder, forcible rape, robbery, aggravated assault, burglary, larceny theft, motor vehicle theft and arson. This regime masks the extent to which drug trafficking, or gun trafficking for that matter, fuels other crimes, experts note. The possible correlations are a flash point in the current debates over legalizing drugs and controlling the border with Mexico.

Next year, Justice officials expect to release an updated crime nomenclature and data mining technology to describe transgressions in meaningful contexts, such as the degree to which heroin plays a role in homicides.

[…]


How Commander X jumped bail and fled to Canada

http://arstechnica.com/tech-policy/2012/12/anon-on-the-run-how-commander-x-jumped-bai/

By Nate Anderson Ars Technica Dec 11 2012

“You scared?” asks the fugitive in the camouflage pants as he sidles up to our pre-arranged meeting point in a small Canadian park. He wears sunglasses to hide his eyes and a broad-brimmed hat to hide his face. He scans the park perimeter for police. “Cuz I’m scared enough for both of us.”

It’s a dramatic introduction, but Christopher “Commander X” Doyon leads a dramatic life these days. He jumped bail and fled the US after the FBI arrested him in 2011 for bringing down a county government website — the only Anonymous-affiliated activist yet to take such a step. When I meet him months after his flight, he remains jumpy about getting caught. But Doyon has a story he wants to tell, and after he removes his hat, sunglasses, and backpack, he soon warms to the telling of it. It’s the story of how, in Doyon’s words, “the USA has become so tyrannical that a human rights/information activist would feel compelled to flee into exile and seek sanctuary in another country.”

And it goes like this.

Cease fire

On December 16, 2010, at exactly 12:30pm, Doyon issued a typed order into an Internet Relay Chat (IRC) room used by the hacker collective Anonymous. “CEASE FIRE,” it said in all caps. The command had no visible effect in the Starbucks where Doyon was working, though somewhere nearby the Web servers for Santa Cruz County, California groaned back to life after being flattened by a 30-minute distributed denial of service (DDoS) attack meant to protest an ordinance that regulated sleeping on public property.

Doyon unfocused his attention from his laptop screen and looked up at the coffee shop around him. Real life rushed back — the buzz of conversation, the smell of roasted beans. No one paid him any special attention, but Doyon felt a sudden pang of fear.

[…]
