
Thursday, August 25, 2011
This week's low-down on hacker activity, compliments of our friends at SecurityProNewz.com
Aleph-Naught PII Records On The Wall
By: Joe Purcell
Remember that old song "Aleph-Naught Bottles of Beer on the Wall"? Of course not, because it's actually 99, but when it comes to security breaches it makes more sense to start counting down from aleph-naught. The amount of Personally Identifiable Information (PII) exposed on the internet is perhaps a never-ending event, just like the song. Gabia, HSBC Korea, Epson Korea, Yale, SCMLC, ShoWorks, and RBS were all involved in data loss amounting to 433,652 records, and information on one of Vanguard's senior VPs was made public.
According to Reuters, information involving 350,000 customers of Epson Korea was exposed. A number of related attacks were made on other Korean companies, including the domain registrar Gabia, and HSBC Korea's website was brought down for an hour, which disabled its online banking service.
Yale University fell prey to Googlebot's indexing. Google modified its search engine in September of 2010 to be able to index FTP servers, but the university was unaware. As a result, some 43,0000 social security numbers were made available on the internet and remained there for 10 months until June 30th, when the breach was discovered. Yale Daily News covers the incident and explains that the file was hidden on their server under a misleading filename, but that was not enough to prevent it from being found on the internet.
Identity Finder, which attempts to minimize data loss exposure, discovered 311,778 social security numbers belonging to Southern California Medical-Legal Consultants (SCMLC). The issue was discovered on May 11th of this year, but was not mentioned in a press release by Identity Finder until this week.
The company ShoWorks Inc was the victim of an attack that exposed the emails and passwords of 20,000 employees through the allianceforbiz.com website. The leak included other information as well.
An email sent from a Hays plc employee to 800 staff at the Royal Bank of Scotland (RBS) contained the pay rates for 3,000 contractors. According to the FT article, the IT staff was able to delete half of the emails before people had the chance to read them.
Perhaps most startling was the sensitive information obtained regarding Richard Garcia, a senior VP at Vanguard. Vanguard produces the ShadowHawk Unmanned Aerial System (UAS), which is used by the military and by other corporations and law enforcement around the world. The company is contracted by both the Pentagon and the FBI, which is why it was chosen, according to Anonymous' press release. CNET reports that in a conversation with Vanguard's CEO "there was no breach of its servers or Web site, but rather that it was Garcia's personal Gmail account that was accessed." He goes on to state that the 1GB of information obtained by AntiSec related to Garcia's involvement at InfraGard and that no sensitive or proprietary information of Vanguard was exposed. This is certainly not the first time hackers have hijacked email accounts of federal or related officials.
About the Author:
Joe Purcell is a technology virtuoso, cyberspace frontiersman, and connoisseur of Linux, Mac, and Windows alike.