It looks as though hackers have managed to swipe user names and passwords from some of the world’s biggest social networking and email platforms… again. Per CNN, security firm Trustwave claims that hackers have stolen more than 2 million Facebook, Google, Twitter and Yahoo user names and passwords through malicious keylogging software that’s been installed in an unknown number of computers. Facebook users have been the biggest victims of the malware so far, as an estimated 318,000 Facebook accounts have been compromised so far along with 70,000 Google-related accounts, 60,000 Yahoo accounts and 22,000 Twitter accounts. Trustwave says that it’s notified all affected companies about the security breach.
The United States government has accused five men from Russia and the Ukraine of masterminding the largest hacking scheme in U.S. history, The Wall Street Journal reported. The group allegedly hacked NASDAQ, Visa, J.C. Penney, 7-Eleven and JetBlue, among other companies, from 2005 until early last year. The men are accused of illegally obtaining roughly 160 million credit and debit card numbers, and allegedly stealing more than $300 million from at least three of the companies they attacked. The men are said to have scouted various retail locations to discover any vulnerabilities in their payment-processing systems. They are also accused of installing unauthorized software on corporate computers that granted them back door access to the systems at a later date. Two of the men are in police custody, while three others are on the loose and considered fugitives.
Here’s something that should sober enthusiasts of self-driving cars. Forbes reporter Andy Greenberg has been hanging out with hackers Charlie Miller and Chris Valasek, who have come up with their most terrifying hacking target yet: a car’s software. Greenberg says that the two hackers have “reverse-engineered enough of the software of the Escape and the Toyota Prius (both the 2010 model) to demonstrate a range of nasty surprises: everything from annoyances like uncontrollably blasting the horn to serious hazards like slamming on the Prius’ brakes at high speeds.” Even worse, Miller and Valasek have shown they’re able to take control of a car’s steering functionality so they can drive it into a ditch, a wall or just about anywhere they choose. In other words, they’ve found a way to transform cars into their own personal weapons. Greenberg says that the two hackers will present their unsettling findings to Defcon in Las Vegas next month.
That pesky 12-year-old Russian kid who infected your PC with malware that replaced all your photos with gifs of dancing bears is costing the American economy a lot more than you imagine. The Wall Street Journal reports that a new study conducted by McAfee and the nonprofit Center for Strategic and International Studies shows that cybercrime is costing the U.S. government and businesses around $100 billion per year, or roughly one-tenth of what other recent estimates have projected. The Journal says that “one of the key reasons the study’s estimate is lower than many previous ones is that it takes into account the shifting benefits of cybertheft,” since data that is stolen by hackers doesn’t actually disappear.
Pirate Bay co-founder Gottfrid Svartholm Warg is about to spend some time in the brig. TorrentFreak reports that a Swedish court has sentenced Svartholm Warg to two years in prison for his role in “hacking into Logica, a company carrying out work for local tax authorities.” Things could get even worse for The Pirate Bay co-founder in the coming months as well, since he also faces even more serious hacking charges in Denmark, where officials allege that he hacked into the country’s driver’s license database and its social security database and exposed the email accounts and passwords of thousands of government officials and law enforcement officers. Svartholm Warg, who in 2009 was convicted of violating copyright laws for his role in founding The Pirate Bay, could face up to six years in prison if found guilty of the Denmark hacking charges.
Gottfrid Svartholm Warg, a co-founder of the infamous Pirate Bay website, can’t seem to stay out of legal hot water. Ars Technica reports that Svartholm Warg has been charged in Denmark with “illegally accessing the country’s driver’s license database, social security database, the shared IT system across the Schengen zone, and the e-mail accounts and passwords of 10,000 police officers and tax officials.” News of the alleged hack has understandably caused an uproar in Denmark since millions of people’s vital information has been exposed. Svartholm Warg, who in 2009 was convicted of violating copyright laws for his role in founding The Pirate Bay, could face up to six years in prison if found guilty of the latest charges.
Spanish officials have arrested a Dutch citizen in northeast Spain for his involvement in what has been called the biggest cyberattack in Internet history. The suspect is said to have operated a hacking bunker in a van that was equipped with “various antennas to scan frequencies” that he used to evade authorities. The unnamed individual, who was only identified by his initials S.K., is accused of launching several large denial-of-service attacks on Internet servers in the Netherlands, United Kingdom and the United States, and also of attacking Spamhaus, a Swiss-British watchdog group that blocks spam advertisement for counterfeit Viagra and fake weight-loss pills from reaching Internet inboxes. The Associated Press reports that the 35-year-old male was arrested in the city of Granollers on Thursday by Spanish authorities acting on an arrest warrant issued by Dutch authorities. The suspect is expected to be extradited from Spain to the Netherlands where he will stand trial.
Anyone who’s ever had their website hacked and defaced by hacker collective Anonymous can have a good laugh at their expense, because it looks as though they aren’t immune to security breaches either. BBC News reports that Anonymous this week “has suffered an embarrassing breach, as one of its popular Twitter feeds is taken over by rival hacktivists.” The Anonymous Twitter hack follows other high-profile Twitter hacks that have occurred over the past few days, including the Twitter accounts for both Burger King and Jeep. Graham Cluley, a senior consultant at security firm Sophos, tells BBC News that the hacks likely resulted from poor password practices, such as either using weak passwords or using the same password across multiple different accounts across the web.
Research shows tweeting through text message is a surefire way to get your account hijacked [updated]
You don’t need an Internet-connected smartphone to send out a tweet. In fact, very few people know that tweets can be sent out through a text message. However, users who do tweet from their cellphones via SMS could have their accounts easily hacked. An exploit detailed by researcher Jonathan Rudenberg reveals “Twitter users with SMS enabled are vulnerable to an attack that allows anyone to post to their account” by spoofing the phone number associated with the account. Rudenberg reports that unless a PIN number is set up (not available in the U.S.) to authorize tweets, users are vulnerable. Although the exploit was reported to Twitter’s security team in August, Rudenberg says the social network still hasn’t closed the hole, despite asking him to refrain from publishing his finding. Rudenberg also said in his blog post that he found similar SMS-related exploits with Facebook (FB) and Venmo that have since been patched. More →
A computer virus known as “Stuxnet” was released into the wild in 2010 and crippled Iran’s nuclear program. The sophisticated attack, which has been described as the atom bomb of cyberwarfare, is widely believed to have been the result of a joint project from Israel and the United States. This is just one of several attacks that have taken place around the world over the last decade. The filmmakers behind Skyfall, the latest James Bond movie, acknowledged the growing number of cyberattacks and inserted the title character into a realistic world where he faces off against a high-tech villain. This isn’t your grandfather’s James Bond, and while the film still features near-endless action, high-class equipment and beautiful women, Skyfall is also stark reminder of the growing number of problems we face in a high-tech society.
The lesson here seems to be, “don’t wear an EEG headset while using the ATM.” Wired reports that researchers at Oxford, UC Berkeley and the University of Geneva were able to decipher their test subjects’ “PIN numbers, birth months, areas of residence and other personal information” just by presenting them with associative pictures while hooked up to EEG headsets. For instance, researchers said they were able to successfully mind-hack some users’ PIN numbers just by showing them pictures of ATMs, debit cards and all digits 0 through 9 in a quick sequence. More →
Having some lulz at the expense of another company’s security probably seemed like a better idea before it resulted in a possible 15-year jail sentence. Per the Telegraph, U.S. authorities on Tuesday arrested 20-year-old Raynaldo Rivera of Tempe, Arizona on conspiracy and hacking charges related to a hack of Sony (SNE) Pictures’ computer systems. Authorities allege that Rivera and fellow members of the LulzSec hacking collective raided the Sony systems to obtain the names, email addresses, passwords and phone numbers of thousands of people who had registered for various Sony contests. One of Rivera’s alleged co-conspirators, 24-year-old Cody Kretsinger, pleaded guilty to hacking charges related to the Sony attack earlier this year. More →
According to security research firm Kaspersky Labs, the volume of new malware targeting Android devices nearly tripled in the second quarter of 2012. Over the three-month period, the company found more than 14,900 new malicious programs targeting the platform. Nearly half of the malicious files were classified as multi-functional Trojans that were programmed to steal data from smartphones and could also download and install programs from remote servers. A quarter of the malware was made up of SMS Trojans, which are capable of sending text message to premium-rate numbers without the owner’s consent, and 18% were considered backdoor threats that can give hackers full control over an infected device. More →