New York Times claims infiltration by Chinese hackers

February 4, 2013 under all posts

New York Times claims infiltration by Chinese hackersThe New York Times says that it has repeatedly come under the attack of Chinese hackers over the last four months, reports the BBC. The newspaper says that the attacks coincided with a report it ran which claimed Chinese Premier Wen Jiabao had amassed a multi-billion dollar fortune. Jiabao was not accused of wrongdoing but according to the BBC, China is sensitive about reports on its leaders’ wealth.

The attacks on the major US newspaper started with the hacking of David Barboza’s account, the paper’s bureau chief in Shanghai who wrote the report, along with the account of one of his predecessors. The hackers went on to retrieve the password of every New York Times employee and gain access to any computer in the paper’s network along with 53 personal computers, most of which were outside the Times offices.

Once discovered, the paper hired internet security firm Mandiant to trace the attack. The firm believes the initial breach may have been through a spear-phishing attack, where an employee clicked on an email or link containing malicious code. It also found that the tactics the hackers used were consistent with other attacks it had traced to China.

Although the accusations have been dismissed as “groundless” by China’s foreign ministry, several governments, companies and organisations have accused the Chinese of systematic cyber espionage for years.

See the full story on BBC.co.uk

Share
comments: Closed tags: , , , , , ,

MLB Facebook accounts briefly hijacked

August 13, 2012 under all posts

MLB Facebook accounts briefly hijackedMajor League Baseball (MLB) is the latest victim of social media hijacking after several of its Facebook accounts were hacked into. False status updates were posted on various teams’ pages, all of which are managed by Major League Baseball Advanced Media.

Although the updates were quickly deleted after the hack was discovered, followers of the affected teams may have seen some bizarre messages appear in their feeds. The Chicago White Sox page said they believed that Barack Obama is a #MuslimPresident, and the New York Yankees explained the Derek Jeter would be out for the rest of the season whilst he underwent a sex change operation. Apologies for the content have been posted on many accounts.

The hacker seems to be a single rogue administrator of those pages. MLB Advanced Media and Facebook are working together to get to the bottom of how the accounts were hacked.

See the full story on ABCNews.com

Share
comments: Closed tags: , , , ,

Reuters Twitter account hacked by pro-Syrian government group

August 8, 2012 under all posts

Reuters Twitter account hacked by pro-Syrian government groupReuters has seen one of its Twitter accounts compromised just 48 hours after it discovered that Syrian cybercriminals had allegedly hacked its blogging platform. The culprits, presumably the same group in both instances, are President Bashar al-Assad loyalists and have been using Reuters’ credibility to get anti-rebel messages out.

According to VentureBeat, the hackers changed the Twitter handle from @ReutersTech, which is dedicated to technology news, to @ReutersME, and began posting tweets focused on the Middle East to the account’s 17,500 followers. Most were pro-Syrian government messages. Reuters has taken the account offline for now and is working with Twitter to review the hack.

The attack is part of a growing trend; Gizmodo and a New York Times reporter have also had their Twitter accounts hacked recently. For those who want to get a message out, targeting influential media organisations is appealing and is likely to start happening more.

See the full story on VentureBeat.com

Share
comments: 0 » tags: , , , ,

LinkedIn loses 6.5m users’ passwords to hackers

June 15, 2012 under all posts

LinkedIn loses 6.5m users' passwords to hackersLast week, LinkedIn became the latest social media company to endure a major security breach after more than six million of its users’ passwords were stolen and posted by hackers on a Russian web forum, inviting other hackers to help decrypt them.

All of the 6.5 million leaked passwords were immediately disabled by the network. In addition, nearly all were encrypted and although hackers were able to decrypt some, none were available with their associated email logins. LinkedIn has also not had, thus far anyway, any reports of accounts being breached due to the attack.

Nevertheless, some commentators have been hard on LinkedIn. Encryption alone is not considered enough and just two days after the attack, approximately 60% of the passwords had been decrypted. LinkedIn has since faced questions as to why the passwords weren’t salted to fall in line with industry best practices.

The most important loss LinkedIn will face from this is brand and reputational damage. Each LinkedIn user is worth about $70 (£50). If even 1% of users who had their passwords stolen lose faith in the security of LinkedIn and move their social networking elsewhere, that would be a loss of $4.5m. A chance of a lawsuit for a breach like this is remote; very little, if any, private user data was actually at risk. Instead, managing the media’s response and preventing customers from losing faith will be the company’s primary concern.

See the full article on CFCUnderwriting.com

Share
comments: 0 » tags: , , , , , , ,

Sesame Street YouTube channel defaced by hackers

October 19, 2011 under all posts

Sesame Street YouTube channel defaced by hackersSesame Street – land of fuzzy, friendly puppets and childhood innocence and now a victim of porn-posting hackers? It is sad to report that the children’s program’s YouTube channel was recently hacked and reprogrammed to show adult content. The material appeared on the channel for approximately 20 minutes until the channel was taken offline for violations of YouTube’s community guidelines.

Although it’s not the first time a social media account has been taken over by hackers, it comes as a particular shock because, well, who would attack the children’s institution that is Sesame Street with such inappropriate content? The hackers named themselves as “Mredxwx” and “Mrsuicider91″. The owner of the handle “Mredxwx” has since posted a YouTube comment that denies involvement with the hack.

So how can companies prevent this type of attack? In a statement released by YouTube’s owners, Google, the internet giant guessed that either Sesame Street had not used a complicated enough password or, more likely, that it was obtained through a phishing scam. So whilst avoiding phishing operations can be tricky, using unique and complicated passwords is the first step.

Sesame Street has posted an apology on its YouTube channel along with the following message: “If you’re watching videos with your preschooler and would like to do so in a safe, child-friendly environment, please join us at http://www.sesamestreet.org.” That is to say, we can’t guarantee this won’t happen again so skip the middle-man and come to our secure site. Perhaps this is a lesson in brand reputation, online security and the dangers of social media for us all.

See the full story on Information Week

Share
comments: 0 » tags: , , , ,

UK employees view social media as risk

September 14, 2011 under all posts

UK employees view social media as riskSocial media has changed business, from the way companies market themselves to the way recruiters find employees. But new research by global risk consultancy, Protiviti, shows that one in six employees believe corporate security is put at risk by social networking sites and 28% believe the sites to be a major risk to their personal security. In addition, the research discovered that more than a quarter of workers said more should be done to clarify how social media should be used in a working environment.

See the full story on Recruiter.co.uk

Share
comments: 0 » tags: , ,

Facebook to be next victim, declares Anonymous

August 15, 2011 under all posts

Facebook to be next victim, declares AnonymousIn a recent YouTube video, hacker group Anonymous announced that Facebook would be its next big victim. In the video, the group threatens an attack on November 5th, Guy Faulk’s Day in the UK, in order to bring down the large, allegedly privacy-breaching, social networking site.

Encouraging viewers to join the cause, Anonymous claims that personal information is no longer safe on the site and thus Facebook must be destroyed. According to the video, Facebook has been selling users’ personal information and storing deleted information for recovery at a later date.

Social media companies have a lot to contend with lately. Not only are they fighting to remain privacy and security compliant in a world full of differing country laws, but they also face a security risk from the outside as hacking groups plan to destroy or at least disrupt service.

See the full story on Geek.com
CFC’s Esurance 2.0 is designed specifically for social media companies. Click here to learn more.

Share
comments: 0 » tags: , , ,

Selling personal information is a lucrative business

May 3, 2011 under all posts

Selling personal information is a lucrative businessWe’ve all heard of personal information being stolen through hack attacks and accidental gaps in security. Something we hear about a little bit less, however, is the thousands of pounds worth of personal information being sold by people who have clear access to it.

The UK Information Commissioner, Christopher Graham, said that there has been a “modern scourge” in the illegal sale of confidential information by employees of companies who retain this data. Right now, the fines for offenders are up to £5,000 but Graham is calling for more, including jail time and tougher sanctions.

The sale of personal information not only harms the individuals involved but will inevitably cost the companies as they attempt to defend claims. When sensitive data is involved, not only should employers protect themselves against the prospect of an outside hack attack, but they should also periodically ensure their employees are following guidelines while making sure they have cover in place if they’re not.

See the full story on Computing.co.uk
We can cover employee dishonesty. Click here to find out more.

Share
comments: 0 » tags: , ,