The Lulz Security group of hackers said in a Tweet that it had launched an attack on the public website of the U.S. Central Intelligence Agency.
The site, www.cia.gov, was unavailable for a few minutes on Wednesday evening, immediately after the group announced the attack via Twitter.
“We are looking into these reports,” a CIA spokeswoman said.
from Reuters: http://www.reuters.com/article/2011/06/15/cia-hackers-idUSN1512055820110615
The hackers who broke into the Senate’s public web server over the week-end gained access through a security hole on an unidentified senator’s web site, said the Senate sergeant at arms on Tuesday.
The shadowy group, which calls itself Lulz Security, didn’t break through the senate’s firewall and gain access to its internal computer system. Instead, it just accessed senate.gov’s file directory.
Nevertheless, the sergeant at arms’ office on Tuesday issued a statement saying that the group was able to do this because of a security vulnerability on a senator’s web site. The office said that it doesn’t maintain sites for individual senators, but that it closed the security hole after it was discovered.
“As always, we continue to work with our federal cyber security and law enforcement partners to enhance the security of federal government websites,” the office said in a statement issued to the press.
“We are also initiating a review of all the sites hosted on senate.gov, urging the individuals responsible for those sites to conduct their own review, and continuing to take other actions to safeguard the Senate’s public Web presence.”
Along with the poached server logs, Lulz Security posted a note on its web site with the following message:
Greetings friends,
We don’t like the US government very much. Their boats are
weak, their lulz are low, and their sites aren’t very secure.
In an attempt to help them fix their issues, we’ve decided
to donate additional lulz in the form of owning them some more!
This is a small, just-for-kicks release of some internal data
from Senate.gov – is this an act of war, gentlemen? Problem?
– Lulz Security
The week-end prank was one of the latest of a rash of high-profile break-ins that the group has conducted over the past month.
The group has broken into a television talent show’s system in the United Kingdom to expose its database of 250,000 contestants — some of whom are minors, and whose names, dates of birth, phone numbers and e-mail addresses are now openly available on the web.
Lulz Security’s other targets over the past month include Fox.com, Sony, a database connected to a an ATM somewhere in the U.K., PBS, Nintendo, the F.B.I. various gaming companies and Infraguard, a body run by the F.B.I. that works in partnership with the private sector to secure networks.
The group actually announces its targets on Twitter and maintains a phone line, where it encourages people to leave messages at 614-LULZSEC, where a message tells callers “We are not available right now, as we are too busy raping the internets!”
Sen. Susan Collins, R-Maine said in a press statement on Tuesday that “the computer systems of the Executive Branch agencies and the Congress were probed or attacked an average of 1.8 billion times per month last year.”
From TalkingPointsMemo’s IdeaLab at: http://idealab.talkingpointsmemo.com/2011/06/post.php#more
The International Monetary Fund has joined Sony and Google on a growing list of hacking victims but it is hard to identify the culprits who consistently manage to keep one technological step ahead of their pursuers.
“This is an example of technology developing faster than the frameworks and sometimes the regulations around that,” said Unilever chief executive Paul Polman on the sidelines of a World Economic Forum meeting in Jakarta.
Cyber security experts say the only way to effectively combat the menace is for the public and private sectors to join forces and combine greater regulation with international action.
From Reuters.com at http://www.reuters.com/article/2011/06/13/us-imf-cyberattack-
Citigroup Inc said computer hackers breached the bank’s network and accessed the data of about 200,000 bank card holders in North America, the latest of a string of cyber attacks on high-profile companies.
Citi said the names of customers, account numbers and contact information, including email addresses, were viewed in the breach, which the Financial Times said was discovered by the bank in early May.
However, Citi said other information such as birth dates, social security numbers, card expiration dates and card security codes (CVV) were not compromised.
“We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event,” Sean Kevelighan, a U.S.-based spokesman, said by email.
“For the security of these customers, we are not disclosing further details.”
In the brief email statement, Citi did not say how the breach had occurred.
From TPM: http://talkingpointsmemo.com/news/2011/06/citi_says_hackers_access_bank_card_data.php
Apple CEO Steve Jobs on Monday unveiled the company’s revamped strategy to cloud computing, showing off how users can create content and buy music from one computer or device, and have it all appear seamlessly on their other Apple devices without having to manually plug in and synchronize their devices any more.
Jobs took to the stage at the Moscone Center in downtown San Francisco Monday morning to a standing ovation.
He and his colleagues spent the morning detailing the the hundreds of improvements that Apple has been making to its personal computer operating system, its mobile device operating system, and its revamped online computing strategy.
The biggest change Apple revealed was its iCloud strategy, which replaces its MobileMe subscription service, which was plagued by inconsistency.
The new iCloud service is free, and it automatically synchs document, photo, music and book applications across multiple devices.
From TalkingPointsMemo: http://idealab.talkingpointsmemo.com/2011/06/apple-unveils-cloud-computing-strategy.php?ref=fpb
The Internet has been an amazing force for good in the world—opening up communications, boosting economic growth and promoting free expression. But like all technologies, it can also be used for bad things. Today, despite the efforts of Internet companies and the security community, identity theft, fraud and the hijacking of people’s email accounts are common problems online.
Bad actors take advantage of the fact that most people aren’t that tech savvy—hijacking accounts by using malware and phishing scams that trick users into sharing their passwords, or by using passwords obtained by hacking other websites. Most account hijackings are not very targeted; they are designed to steal identities, acquire financial data or send spam. But some attacks are targeted at specific individuals.
Through the strength of our cloud-based security and abuse detection systems*, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.
More available at: http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html
The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.
The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country’s military.
In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.
Recent attacks on the Pentagon’s own systems—as well as the sabotaging of Iran’s nuclear program via the Stuxnet computer worm—have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks. A key moment occurred in 2008, when at least one U.S. military computer system was penetrated. This weekend Lockheed Martin, a major military contractor, acknowledged that it had been the victim of an infiltration, while playing down its impact.
The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the U.S. can ever be certain about an attack’s origin, and how to define when computer sabotage is serious enough to constitute an act of war. These questions have already been a topic of dispute within the military.
from the Wall Stree Journal Online Edition: http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html#ixzz1O2IRBK5j
Hackers may have infiltrated the networks of top U.S. weapons manufacturer Lockheed Martin Corp., according to a person with knowledge of the attacks.
The security disruptions, reported Thursday by Reuters, prompted the company to step up measures to protect its data. It wasn’t immediately clear if any sensitive information was stolen or compromised.
Lockheed spokesman Jeffery Adams said the company, as a matter of policy, didn’t discuss specific cyber threats or measures taken in response.
“However, to counter any threats, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data,” he said. “We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multilayered information systems security.
from the Wall Stree Journal: http://online.wsj.com/article/SB10001424052702303654804576350083016866022.html?mod=googlenews_wsj
Using intermediaries and inexpensive computer disks, Osama bin Laden managed to send emails while in hiding, without leaving a digital fingerprint for U.S. eavesdroppers to find.
His system was painstaking and slow, but it worked, and it allowed him to become a prolific email writer despite not having Internet or phone lines running to his compound.
His methods, described in new detail to The Associated Press by a counterterrorism official and a second person briefed on the U.S. investigation, frustrated Western efforts to trace him through cyberspace. The people spoke to the AP on condition of anonymity to discuss the sensitive intelligence analysis.
Bin Laden’s system was built on discipline and trust…
From Yahoo News: http://news.yahoo.com/s/ap/20110513/ap_on_re_us/us_bin_laden
A hacker has obtained the personal information of PlayStation Network account holders and subscribers of the Qriocity streaming service, Sony said in a message to customers Tuesday.
Sony’s investigations over the past week determined that an “unauthorized person” had obtained users’ names, home addresses, e-mail addresses, birth dates and passwords, according to a statement being sent to all account holders.
The attack also has crippled Sony’s PlayStation Network, which has some 70 million subscribers and has been down since April 20. The network lets customers download video games from the Web and play against each other online.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” said Sony Computer Entertainment and Sony Network Entertainment, which manage the two services, in a joint statement.
The hacker could have taken credit card numbers, card expiration dates, billing addresses, answers to security questions and purchase history, but not credit-card security codes, they said.
Sony is encouraging customers “to protect against possible identity theft or other financial loss” by reviewing credit-card statements. The company also suggested that some customers may want to place a “fraud alert” with credit bureaus.
Sony did not say how many accounts had been compromised. A spokeswoman declined to comment Tuesday.
From CNN Tech: http://www.cnn.com/2011/TECH/gaming.gadgets/04/26/playstation.network.hack/index.html