Attacked.Gov
The International Monetary Fund and the U.S. Senate are among the latest big organizations to be hit by hackers.
On June 11 The New York Times
One unidentified official from the IMF described the attack as "a very major breach" that had occurred over the last few months.
The attack was reportedly so severe that the World Bank, whose offices are across the street and which shares information with the IMF in Washington, cut its computer link to the other organization.
The incident was reportedly made possible by a spear-phishing attack, meaning a user inside the IMF was tricked into clicking on a malicious link embedded in an email.
After the attack, the IMF reportedly shut down access to the servers storing the agency's most sensitive data. The Times reports the agency is now fully functional.
According to a Reuters
The hacker group Lulz Security reportedly took credit for this attack, which breached only the public portion of the website. Hackers did not reach beyond the firewall to a more protected area of the network.
The Sergeant at Arms Office, which oversees Senate security, said no senator's information had been compromised and that it repels tens of thousands of similar attacks each month.
Lulz, which is allegedly responsible for recent attacks against Sony Pictures Entertainment Inc. and the Public Broadcasting Service, posted online a list of files that appears to have come from the Senate website.
The group said in a written statement, "We don't like the U.S. government very much," and appeared to taunt military officials who said they could fight cyberterrorism with conventional military force.
Hacks and the Citi
Hackers used a vulnerability in how Citigroup Inc. manages access to its website to break into multiple users' card accounts, The New York Times
They got in by logging in as authentic customers, and once inside pasted other users' account numbers into part of the Web address bar. They then stole personal information such as names, email addresses, account numbers and transaction histories of roughly 200,000 customers, the article said.
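The flaw described above, where a logged-in session could read any account whose number was pasted into the address bar, comes down to a missing ownership check on the server. The sketch below is an added example, not Citigroup's code and not from the article; the account store, function names and sample records are constructed for illustration. It puts the flawed lookup beside a hardened one that also records denied requests for review.

```python
from collections import Counter

# Constructed sample store: account number -> owner and record (hypothetical data).
ACCOUNTS = {
    "4000-0001": {"owner": "alice", "email": "alice@example.test"},
    "4000-0002": {"owner": "bob", "email": "bob@example.test"},
    "4000-0003": {"owner": "carol", "email": "carol@example.test"},
}


class Forbidden(Exception):
    """Raised when the request must not be served."""


def get_account_vulnerable(session_user, account_no):
    """Flawed pattern: being logged in is treated as sufficient."""
    if session_user is None:
        raise Forbidden("login required")
    # The account number comes straight from the URL and the record's
    # owner is never compared with the authenticated user.
    return ACCOUNTS[account_no]


def get_account_hardened(session_user, account_no, audit_log):
    """Serve a record only to its owner; log every denied attempt."""
    if session_user is None:
        raise Forbidden("login required")
    record = ACCOUNTS.get(account_no)
    # Same error for "no such account" and "not your account", so the
    # response does not confirm which account numbers exist.
    if record is None or record["owner"] != session_user:
        audit_log.append((session_user, account_no))
        raise Forbidden("account not available")
    return record


def sessions_to_review(audit_log, threshold=3):
    """Users denied on at least `threshold` distinct account numbers."""
    distinct = Counter(user for user, _ in set(audit_log))
    return sorted(u for u, n in distinct.items() if n >= threshold)
```

A single denial is usually a typo or a stale bookmark; denials spread across many distinct account numbers from one login are the pattern worth alerting on.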
Security experts said the attack against Citi is likely a sign of more sophisticated attacks to come. The article reported that 360 million credit and debit account records were stolen in 2008. As the usefulness of the older numbers comes to an end on the black market for consumer data, there will be a need for new numbers. In 2010, 3.8 million credit and debit records were stolen, according to a report by Verizon and the Federal Bureau of Investigation.
Anonymous Arrest
Authorities in Spain announced the arrest Friday of three people they charge are part of the hacker group Anonymous, according to a June 13
Members of Anonymous have claimed responsibility for a large number of network attacks over the past six months. Sony Corp. has accused Anonymous of orchestrating the massive breach of its PlayStation Network online gaming system and digital media store.
Police reportedly raided a house in Gijon, a coastal city in northern Spain, where they seized a computer server they said was used for cyberattacks.
Police described those arrested as senior members of Anonymous Spain. They said Anonymous is an organization with cells around the world. Police reportedly tracked down the individuals by examining the logs of chat rooms.
Authorities reportedly said they found software designed to infect computers as well as to encrypt and conceal identities.
The three were arrested on suspicion of causing economic damage and are free from custody pending a trial. Spanish authorities began their search for Anonymous members in October after attacks on various government websites.
The attacks were seen as retaliation against a new Spanish law that bars the downloading of music and other copyright-protected content.
EU Rule Changes
The European Union is on the verge of passing new regulations that would impose stiffer penalties for cybercrimes, according to a June 13
The rules would update regulations from 2005 that deal with break-ins and illegal access to data and computer systems.
The regulations would provide tough penalties for creators and developers of malware, as well as those who create botnets. They would also punish those who create software that lets hackers steal passwords.
The new rules would classify interception of data as a criminal offense and set higher maximum penalties. Perpetrators of general cybercrimes could be sentenced to two years in prison, while those involved in numerous technology systems and the creation of botnets will get three years. For more serious offenses involving critical technology and organized crime the minimum sentence would be five years. The rules would strengthen cooperation between EU members on cybercrime issues, including requiring a response within eight hours to members seeking assistance. They would also improve the collection of statistical data on cybercrimes.
Malware Aware
The first quarter of 2011 was the busiest on record for the production of malware, according to a
McAfee, of Santa Clara, Calif., reported 6 million unique samples of malware in the quarter, with nearly 3 million new samples in February alone.
Malware, which can infect computers when users simply click on an infected link embedded in an email, can be used to steal important credentials like online banking usernames and passwords.
The report, published June 1, also indicates that Android is catching up in popularity to other operating systems for infection. The Google Inc. mobile operating system now ranks behind only Nokia Corp.'s Symbian as the most popular for infections.
Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.