Not Very Cyber Secure Headline - "More than 75,000 computer systems hacked"

After the news reports about the cyber attacks in China, it’s no wonder that more than “75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date.” Unfortunately, the hacked computer systems included those of the US government, “educational institutions, energy firms, financial companies, and Internet service providers.” Also included was access to “e-mail systems, online banking accounts, Facebook, Yahoo, Hotmail and other social network credentials, along with more than 2,000 digital security certificates and a significant cache of personal identity information.” Doesn’t sound like much security given these facts, and this is pretty scary since we now have a Cyber Czar to protect us.

Kneber bot

Amit Yoran, NetWitness's chief executive, reported how the Kneber bot was launched in this attack on more than 75,000 computer systems:

The hackers lured unsuspecting employees at targeted firms to download infected software from sites controlled by the hackers, or baited them into opening e-mails containing the infected attachments, Yoran said. The malicious software, or "bots," enabled the attackers to commandeer users' computers, scrape them for log-in credentials and passwords -- including to online banking and social networking sites -- and then exploit that data to hack into the systems of other users, Yoran said. The number of penetrated systems grew exponentially.

Clearly, educating employees is critical to avoiding such attacks in the future, but what’s the likelihood of avoiding these kinds of disasters? Not good!

Privacy at Home? - School Official Defended in Webcam Spy Case

The Lower Merion School District (in suburban Philadelphia) acknowledged that it remotely activated webcams inside students’ homes, but claimed it did so only to find missing, lost or stolen laptops. However, a student and his parents filed a federal civil rights suit alleging violation of wiretap laws and violation of privacy. Among the other problems created, the District allegedly thought a piece of candy was a pill and that the student was selling drugs. This reminds me of Big Brother from George Orwell’s 1984. He just missed the year!

No Surprise - Very Bad News for Webmail - Passwords Exposed for Hotmail, Gmail, and Yahoo!

Apparently large-scale phishing attacks resulted in compromises to tens of thousands of webmail accounts, hardly a surprise. However, it is pretty amazing that so many individuals fall for the phishing tricks. As a matter of fact, this morning I got an email purportedly from PayPal indicating that my account had been hacked and if I would only provide personal information including credit card information, social security number, date of birth, well, you get it. Of course it would be incredibly stupid for me, or thousands of these phishing victims, to believe the emails that come to our inboxes. What can we do to protect ourselves?

OnGuard Online

Apparently few people take the time to review OnGuard Online before they get duped by phishing and spam attacks. However, OnGuard Online is a great website hosted by a number of federal agencies and non-profits, including the Federal Trade Commission, Department of Commerce, Department of Homeland Security, Internal Revenue Service, Computing Technology Industry Association, National Crime Prevention Council, Better Business Bureau, and Anti-Phishing Working Group (APWG). OnGuard Online provides cute videos and games to educate consumers about the risks associated with phishing, computer security, email scams, spam, and VOIP, among other topics. The site also provides publications and allows consumers to file complaints.

Federal Government to the Rescue?

If the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act of 2003 is any indication, it’s probably unlikely that the US government can do much to protect citizens, since there seems to have been an increase in spam and phishing since 2003, not a reduction as was hoped when the law was passed. There are estimates that 80% of all email is unsolicited, which should be reason enough for individuals to be more leery of suspicious phishing emails. Hotmail claims it has 400 million accounts, so the number of compromised accounts could be huge, and reports from the APWG estimate that phishing attacks will continue. Since the US government does not seem capable of managing cyber security and the White House cannot get anyone to be Cyber Czar, is it any wonder that webmail accounts are compromised by the thousands?