Hacking Back
Sick of all the hackings making headlines? So are other hackers.
A group of hackers that calls itself the A-Team has targeted Lulz Security, the group that has taken credit for a number of recent attacks against law enforcement agencies, government agencies and companies such as Sony Corp. The A-Team has taunted Lulz members and seeks to identify them publicly, The New York Times
Though other groups, such as factions of Anonymous, have taken credit for several recent attacks, the Times article said Lulz in particular was a "tempting target" for rival hackers because of its "provocative attacks and flamboyant style."
Anonymity is considered essential among hackers, so simply being identified could be enough to thwart any hacker, the article said.
Lulz claims to have shut down already, though law enforcement agencies continue to pursue its members, the article said. A new group, called AntiSec, has continued to go after the targets Lulz has claimed credit for hacking, such as the Arizona police.
Twitter Target
Many financial institutions and other companies have started to rely on Twitter as a trusted channel for communication, so it was odd to see an official Fox News account fall victim for about 10 hours before the company regained control.
The Twitter account, @foxnewspolitics, was taken over Monday morning and posted fake news reports of an assassination of President Obama, the Times
A group that calls itself Script Kiddies may be responsible for the hacking incident, according to the outgoing editor of a student magazine at Stony Brook University on Long Island, the article said. This group posted a message to its own account, claiming credit for the hack, even before the bogus assassination reports appeared on the Fox account. However, it did not admit to posting the false reports.
The group said it focused on Fox because it believed the organization would have lax security, according to the editor.
Apple Bitten
Twenty-seven usernames and encrypted passwords, supposedly for an Apple Inc. website, were posted online over the weekend with a warning from the hacker group Anonymous, according to an
The nature of the posting, including a message to Apple and the label "Not Yet Serious," suggests that there might be more attacks against Apple; however, a post made to Anonymous' Twitter account said "don't worry, we are busy elsewhere."
The Twitter message linked to the compromised usernames and passwords, which were posted to the document-sharing website Pastebin.
The data appeared to serve as the login credentials for a database for an online survey for the Apple Business Intelligence website. At the time the article was posted, that website was offline and Apple had not responded to the reporter's request for comment.
In an incident that the article said was "apparently unrelated," a Lebanese hacker, who claimed not to be malicious, said he found vulnerabilities in another Apple website that could be used to expose data.
The Legal Approach
A growing number of lawsuits over data breaches could place more liability on the companies behind the software that was exploited in the attacks — and thus force an increase in security, Ars Technica
In addition to the lawsuits, there is also growing concern at the Federal Trade Commission about the state of online security.
"The world in which software companies could safely treat security as an afterthought is gone," the article said, "but it's not yet clear what will replace it … the right rules will encourage companies to take security seriously, but too much regulation could unduly hamper the software development process."
Alex Halderman, a computer science professor at the University of Michigan, told Ars Technica that legal and government pressure is necessary because consumers are not well enough informed about security issues to be able to effect change in how companies approach data protection. However, Halderman said the FTC and similar agencies may also be lacking in expertise. Halderman argued that the best way to improve security is for a company to have a mentality of taking security seriously, the article said. This is tough to mandate from an outside agency, but legal pressure might help shape a company's culture, Halderman said.
Halderman cautioned that heavy legal or other scrutiny might make companies swing too far in the opposite direction: they could become so security-conscious that it affects their ability to bring a product to market.
"Forcing companies to devote too much effort to security can be as harmful as devoting too little," the article said.
Group Discount
The email addresses and unencrypted passwords of all 300,000 of a Groupon subsidiary's users have been exposed, StorefrontBacktalk
The unit, Sosasta, is Groupon's subsidiary in India. The unit's user database was found online by a security consultant in Australia, the article said.
The consultant was doing an Internet search seeking exposed databases, and notified Groupon of his find on June 23, the article said.
Groupon bought Sosasta in January. It told StorefrontBacktalk that the subsidiary "runs its own platform and servers, and is not connected to Groupon sites in other countries."
Heavy Lifting
Another week, another theft of an entire automated teller machine.
In Pittsfield, Mass., police were seeking two suspects who "picked up the ATM and lugged it out" of a convenience store, Pittsfield Police Detective Capt. Patrick F. Barry told The Berkshire Eagle for a Tuesday
The incident took place at 3:15 a.m. on June 25. Police did not say how much cash was in the ATM.
Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.