Hacking, and Arresting, and Suing, and Legislation! Oh my!
It’s a scary place out there in the cyber world, with plenty of hacking, arresting, suing, and legislation going on. We are a long way from Kansas in the 1930s. 24,000 secret documents were stolen from the Pentagon, LulzSec is back in action with the defacement of Sun Times with Murdoch’s obituary, thousands of SMS messages of Megafon users were made public, potentially 76,626 user accounts were leaked, the SAFE Data Act passed a subcommittee, and some 16 members affiliated with Anonymous and LulzSec were arrested.
The Department of Defense suffered one of the “worst digital attacks in history” this past March when 24,000 secret documents were stolen from the Pentagon, according to the New York Times. The stolen data involves some of the United States’ most sensitive systems, such as “plans for missile tracking systems, satellite navigation devices, surveillance drones, and top-of-the line jet fighters.” To cope with the onset of cyber crimes, the US military has created U.S. Cyber Command (CYBERCOM) to oversee military cyberspace resources and operations. Exactly how the organization’s new role will play out in protecting the US is still unclear.
LulzSec has returned. The hackers defaced The Sun and acquired phone numbers and email logins of executives at News of the World. The defaced page carried a fake story about the death of Rupert Murdoch, but the content is still viewable in a Gizmodo article.
Megafon, one of the largest cellular carriers in Russia, recently leaked the SMS history of an unknown number of users. The company’s user base is over 57 million strong. Yandex, the biggest national search engine, is the culprit for having indexed the information, but that is what the company is supposed to do. According to Eugene Kaspersky’s blog, the problem was caused by a Megafon administrator who deleted the robots.txt file, which then exposed the pages to web crawlers. As a great learning point, be sure to add a robots.txt file to your site unless you would like it promoted on the internet. Keep in mind that robots.txt only asks well-behaved crawlers not to index pages; it does not restrict access, so pages holding sensitive data also need to sit behind authentication.
There have been a number of data breaches of late as well, most notably JLAudio, which had 4,827 records of full names, addresses, ages, emails, usernames, and plain text passwords leaked by Abhaxas. The information is still online, but I will only link to a photo of it. The hacker had warned the company in advance. The company released a statement notifying its customers that the site was taken down and that they should change their account information.
Other compromised data includes up to 50,000 accounts of names, emails, and passwords at Rewe, the second largest German grocer, some 2,000 records containing the patient information of Beth Israel Deaconess Medical Center, and 19,799 records including Social Security Numbers at the Swedish Medical Center.
The FBI has arrested 16 members associated with the Anonymous and LulzSec hacking groups. Five others were arrested in Britain and the Netherlands. The charge of intentional damage to a protected computer carries a maximum penalty of 10 years in prison and a $250,000 fine, and the charge of conspiracy carries a maximum of 5 years and $250,000. On a similar note, lawsuits are being filed against banks (also see Crystal Lake), and the insurers of Sony are backing out and suing the company, declaring they don’t have to defend against its legal claims.
The cyber landscape is changing, and with new laws in Russia and the US (the SAFE Data Act), companies need to be more prepared for government oversight of sensitive data networks. As Anonymous and LulzSec make their statement, “Expect Us”, what should we be expecting from authorities?