[ISN] Feds Charge Wall Street Traders With Code Theft

http://www.informationweek.com/security/attacks/feds-charge-wall-street-traders-with-cod/240160543 By Mathew J. Schwartz InformationWeek.com August 28, 2013 Three men have been charged by Manhattan district attorney Cyrus Vance Jr. with stealing proprietary information from Amsterdam-based trading house Flow Traders. All three, who are in their 20s, were arrested earlier this month




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Medical lab allegedly exposed customer info on P2P, claims it was the victim

http://arstechnica.com/security/2013/08/medical-lab-allegedly-exposed-customer-info-on-p2p-claims-it-was-the-victim/ By Jon Brodkin Ars Technica Aug 29 2013 A medical testing laboratory called LabMD has been accused of exposing the personal information of about 10,000 customers on a peer-to-peer file sharing network. The company has been fighting the claims, saying a security firm that uncovered the breach victimized LabMD by downloading a large spreadsheet containing sensitive customer information. The US Federal Trade Commission today said it filed a complaint which “alleges that LabMD billing information for over 9,000 consumers was found on a peer-to-peer (P2P) file-sharing network and then, in 2012, LabMD documents containing sensitive personal information of at least 500 consumers were found in the hands of identity thieves.” The lab is based in Atlanta but performs medical tests for consumers nationwide. Police in Sacramento, CA, found in 2012 that identity thieves had possession of LabMD documents containing names, Social Security numbers, and bank account information for at least 500 people. “[A] number of these Social Security numbers are being or have been used by more than one person with different names, which may be an indicator of identity theft,” the FTC said. The complaint also alleges that “a LabMD spreadsheet containing insurance billing information was found on a P2P network,” the FTC said. “The spreadsheet contained sensitive personal information for more than 9,000 consumers, including names, Social Security numbers, dates of birth, health insurance provider information, and standardized medical treatment codes.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Is This the 19-Year-Old Leader of the Syrian Electronic Army?

http://www.vice.com/read/is-this-the-19-year-old-leader-of-the-syrian-electronic-army By Brian Merchant VICE August 29, 2013 The Syrian Electronic Army topped the news cycle again this week, following takedowns of The New York Times, Twitter, and Huffington Post UK. They’re just the most recent efforts in a long string of high-profile hacks, which targeted the likes of the Associated Press, the Onion, and NPR. The SEA has said it is waging cyberwar to denounce media coverage of the conflict in Syria they see as being overwhelmingly anti-Assad. But who’s actually running the operation? New evidence indicates that it’s a 19-year-old Syrian named Hatem Deeb. While the SEA has conducted a handful of interviews with the media, including with our colleagues at VICE, they have done so anonymously. Their identities have remained secret in all media correspondences, veiled behind user names like TheShadow and ThePro. ThePro, or Th3Pr0, has claimed the mantle of lead hacker, and his identity has so far been under wraps. The tech press is fond of noting that the SEA has used relatively primitive techniques to execute high-profile hacks. Some experienced hackers and security analysts have called their attacks downright amateur, as some of the group’s Twitter takeovers are the result of old phishing attacks. And they’ve also inadvertently left a digital paper trail that may reveal the identities of their highest profile members. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] The NSA has its own team of elite hackers

http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/29/the-nsa-has-its-own-team-of-elite-hackers/ By Andrea Peterson The Switch Washington Post August 29, 2013 Our Post colleagues have had a busy day. First, they released documents revealing the U.S. intelligence budget from National Security Agency (NSA) leaker Edward Snowden. Then they recounted exactly how the hunt for Osama bin Laden went down. In that second report, Craig Whitlock and Barton Gellman shared a few tidbits about the role of the government’s hacking unit, Tailored Access Operations (TAO) in the hunt, writing that TAO “enabled the NSA to collect intelligence from mobile phones that were used by al-Qaeda operatives and other ‘persons of interest’ in the bin Laden hunt.” So just what is Tailored Access Operations? According to a profile by Matthew M. Aid for Foreign Policy, it’s a highly secret but incredibly important NSA program that collects intelligence about foreign targets by hacking into their computers, stealing data, and monitoring communications. Aid claims TAO is also responsible for developing programs that could destroy or damage foreign computers and networks via cyberattacks if commanded to do so by the president. So, TAO might have had something to do with the development of Stuxnet and Flame, malware programs thought to have been jointly developed by the U.S. and Israel. The malware initially targeted the Iranian nuclear program, but quickly made its way into the digital wild. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] All your passwords belong to us

http://www.zdnet.com/all-your-passwords-belong-to-us-7000020033/ By John Fontana Identity Matters ZDNet News August 29, 2013 I think I detected a discernible sigh of relief this week from billions of Internet users with 56-character passwords. I could be wrong. Likely I am. People try all sorts of crazy things to manage passwords, but 55 character strings are not anywhere near the top of the list. This week has been another example of the hacker blitz on passwords; leading off with the password-cracker program oclHashcat-plus, which was infused with upgrades that allow it to break passwords as long as 55 characters. Talk about bringing down barriers to entry. Perhaps the last of our defenses are gone. And by the way, oclHashcat-plus is a free download if you’re looking for a cheap and sinister hobby. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] City of London police plans new industry reporting system to tackle cyber-crime

http://www.computerworlduk.com/news/security/3466021/city-of-london-police-plans-new-industry-reporting-system-tackle-cyber-crime/ By Derek du Preez Computerworld UK 29 August 13 The City of London’s Police Commissioner, Adrian Leppard, is seeking up to £4 million from the Home Office to build a new IT system that will improve reporting on cyber-crime from across all sectors of industry. Industry reporting on fraudulent activity that is enabled by the internet has been heavily criticised by MPs and industry experts, which claim that much of the criminal activity remains unknown to government and police forces, as industry bodies resolve many complaints directly with customers. However, Leppard is hoping that by building a system that receives basic information from banks, SMEs, retail, and all other areas of industry, the government will gain a better understanding of how cyber-crime is impacting the UK. He believes that this information could be used to help influence policy and bring in additional government funding. “One thing we are really trying to get right is industry reporting. Industry will never be in a position to ring up a call centre, or fill in a form for each crime. What we have to do is define the technical interface between us and the whole sector, so we can just automate feeds. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hacker points Syrian telecom website to AT&T, T-Mobile

http://news.techworld.com/security/3466107/hacker-points-syrian-telecom-website-to-att-t-mobile/ By Jeremy Kirk Techworld.com 29 August 2013 The website of a Syrian telecommunications provider redirected to AT&T’s website and then T-Mobile’s on Wednesday, an apparent prank by a hacker who has been probing the country’s Internet infrastructure for several days. The hacker apparently found a way to modify the authoritative DNS (Domain Name System) record for the Syrian Telecommunications Establishment (STE), said Doug Madory, senior analyst with Renesys, a company that monitors global Internet activity. The style of hack is similar to one that affected The New York Times, Twitter, Sharethis and others on Tuesday when certain domain names they controlled were pointed to an IP address controlled by the Syrian Electronic Army (SEA), a group of pro-Syrian government cyberattackers. DNS is a distributed database that translates domain names, such as twitter.com, into an IP address that can be called up in a browser. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Obama’s Free to Bomb Syria but Is Limited on Cybersecurity

http://www.nationaljournal.com/whitehouse/obama-s-free-to-bomb-syria-but-is-limited-on-cybersecurity-20130828 By Matthew Cooper National Journal August 28, 2013 As President Obama readies to strike the Syrian regime, it’s worth thinking about that other defense problem


Facebooktwittergoogle_plusredditpinterestlinkedinmail