US man stole 130m credit card numbers

18/08/2009

US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards. Officials say it is the biggest case of identity theft in American history.

They say Albert Gonzales, 28, and two unnamed Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain.

Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzales faces up to 20 years in jail for wire fraud and five years for conspiracy. He would also have to pay a fine of $250,000 (£150,000) for each of the two charges.

Gonzales used a complicated technique known as an “SQL injection attack” to penetrate networks’ firewalls and steal information, the US Department of Justice said.

According to the indictment, the group researched the credit and debit card systems used by their victims, attacked their networks and sent the data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine. The data could then be sold on, enabling others to make fraudulent purchases, it said.

Read the full story on the BBC News website.


Computer viruses slow African expansion

13/08/2009

Hampered by pirated software and super-slow download times, computer users in Africa are finding PC viruses hard to eradicate.

While western countries have partially learned to neutralise the threat of computer viruses, Africa has become a hive of trojans, worms and exploiters of all stripes. As PC use on the continent has spread in the past decade, viruses have hitched a ride, wreaking havoc on development efforts, government programmes and fledgling businesses.

“It wouldn’t be unreasonable to say 80% of all computers you find in Africa will have some nastiness on them,” says Tariq Khokhar, the chief development officer of Aptivate, a non-governmental organisation that focuses on IT. This compares to around 30% in the UK, according to Panda Security.

The cost is hard to measure, but ask IT consultants and development workers about the impact, and the stories pour out. Even the Congress of South African Trade Unions found in May that its website was spreading viruses to visitors.

Viruses spontaneously reboot computers, destroy vital data, and clog already severely pinched internet connections (it is not unusual to wait 10 minutes to access a single web page). The result: funding applications delayed, small businesses hurt, and hours wasted.

Read the full story on the Guardian website.


Twitter crashes following malicious attack

06/08/2009

Twitter’s site crashed on Thursday at about 3pm BST due to a “denial of service” attack – thousands of remote-controlled virus-infected PCs trying to contact the site. Though the site came back up after an hour, the company said it was “continuing to defend against and recover from this attack”.

The company’s status blog said: “We are defending against a denial-of-service attack, and will update status again shortly.”

Denial-of-service attacks – also known as DDOS attacks, for distributed DOS – happen when the controllers of “botnets” consisting of many thousands of virus-compromised Windows PCs decide to target a site. In the past, banking, gambling and news sites – and even Google – have been the target of DDOS attacks.

The attacks use the electronic equivalent of ringing the site’s doorbell and running away: the targeted site’s server wastes its resources answering the call. In a typical DDOS attack, there may be millions of such fake approaches.

The aim is often to blackmail the site: sometimes the owners are told that unless they make a payment the attacks will continue. Gambling sites have often suffered DDOS attacks ahead of major sports events, and been warned that the same will follow when the event happens – their key time for bets – unless they pay protection money.

Read the full story on the Guardian website.


Smartphones open to SMS attacks

31/07/2009

Mobile handsets including iPhones and those using Windows Mobile or Google’s Android operating system are vulnerable to text-based attacks, say experts.

Software code that arrives in a text message can hijack the phones, said Charlie Miller and Collin Mulliner at the Black Hat conference in Las Vegas. The malware could knock phones off the network or access data and programs.

The team say that hackers could develop programs to exploit the weakness in as little as two weeks. The pair said that publicising the means of attack was necessary to ensure the problem was addressed.

“If we don’t talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what,” Mr Mulliner, an independent security expert, said.

The hack works by slightly modifying the data that arrives with an SMS message. The system that processes such messages is similar across different operating systems and can, once compromised, gain access across a range of applications including a phone’s address book or camera.

The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code.

Read the full story on the BBC News website.


Governments hit by cyber attack

08/07/2009

A widespread computer attack has hit several US government agencies while some South Korean government websites also appear to be affected.

The US Treasury Department, Secret Service, Federal Trade Commission and Transportation Department were all hit by the attack that started on July 4. In South Korea, the presidential Blue House, Defence Ministry and National Assembly appear to have been hit.

US officials have not released details of the attack. Ben Rushlo, head of internet technologies at web performance firm Keynote Systems, described it as a “massive outage”.

Amy Kudwa, a spokeswoman for the Department of Homeland Security, said the body’s US Computer Emergency Readiness Team (CERT) told federal departments about the issue and of steps “to mitigate against such attacks”.

Recently the US homeland security secretary Janet Napolitano told the BBC that protecting against virtual attacks was a matter of “great concern” and something the US was “moving forward with great alacrity”.

The attacks in South Korea seemed to be connected to the attack of US government services, said Ahn Jeong-eun, a spokesperson at Korea’s Information Security Agency. South Korea’s Yonhap News Agency is reporting that North Korea may be behind Tuesday’s cyber attack.

Read the full story on the BBC News website.


Gumblar PC virus targets Google users

23/05/2009

A computer virus that targets Google users is mutating rapidly, turning it into what some are calling the biggest threat to online security today.

The worm, known as Gumblar, attacks computers through vulnerabilities in some versions of Adobe’s PDF reader and Flash player software. Once it infects a victim’s PC, it silently redirects the user’s Google search results to sites that download more malware onto the machine or allow criminals to conduct “phishing” attacks to steal login details for banking, social networking and websites.

Gumblar has begun to spread through websites where passwords or software have previously been compromised, so that visitors to the sites are unwittingly infected without realising it – a so-called “drive-by download exploit”. Infected PDF documents and Flash films on the site attack the victim’s PC.

Although Gumblar has been known about for some time, its activity has increased rapidly in recent weeks. The unidentified writers behind the program have changed its mode of attack, so that it draws malicious code from a web page based in China, and have developed new techniques to avoid being spotted.

“The Gumblar attacks have morphed again,” said Mary Landesman, a senior security researcher with ScanSafe. “What we’re really looking at here can only be described as a botnet of compromised websites. And a growing one at that.”

Read the full story on the Guardian website.


Hackers launch attack on Facebook

17/05/2009

Facebook has been working to clean up its site after its 200 million members were targeted by hackers. Facebook spokesperson Barry Schnitt wouldn’t comment on how many accounts had been hit but he did confirm it was blocking any that had been compromised.

The hackers used a common “phishing” scam to get hold of users’ passwords. After breaking into people’s Facebook accounts they sent out emails to friends of members asking them to click on links to fake websites.

The sites are designed to look like legitimate pages from Facebook but have been set up and are controlled by the hackers. Then it’s a simple case of tricking users into handing over all sorts of details from passwords to e-mail addresses.

All of this is done with the overall aim of being able to provide lists of addresses which can then be targeted to help spread spam.

Read the full story on the BBC Newsbeat website.