Hacktivist group Anonymous is at it again, this time targeting Brazilian websites apparently in protest of Brazil’s costly hosting of the FIFA World Cup. While more traditional protests had been going on for many months with only nominal impact and attention, Anonymous immediately gained the media spotlight after claiming through Twitter to have hacked over 100 websites, including Brazil’s federal police website. Many of the website attacks consisted of Denial of Service assaults or simple defacements, but Anonymous sharply made their point by posting a list of logins and passwords purportedly from the police website, as well as claiming to also have harvested numerous operations documents and email exchanges.
What this means for you:
Just like any hot media item, hackers will be leveraging the globe’s enthusiasm for the World Cup, and it’s likely you will see spam and phishing attempts based around news, events and celebrities of the sport. As always, avoid clicking links in emails unless you can verify they lead to legitimate websites. Cybercriminals will also be counting on plenty of people searching for news about World Cup matches, so make sure you examine your search results carefully and only visit websites you know and trust. Don’t rely just on your antivirus software to protect you – use your common sense laced with a healthy dose of skepticism to avoid hackers scoring a goal on you.
Telecommunications giant AT&T disclosed on June 13 that three employees of one of its vendors used their privileged access to hack a server containing sensitive customer data, including Social Security Numbers, birth dates and cellular phone numbers. Thus far, AT&T hasn’t revealed how many are affected by this breach, and for the moment it appears that the hackers gained unauthorized access for the purposes of unlocking older generation AT&T phones for use on other carrier networks. The breaches happened in April, but AT&T is only just now notifying affected customers.
What this means for you:
Unlike previous data breaches, the exposed customer data hasn’t appeared for sale (yet!) on the internet black market, but AT&T is offerring a free year of credit monitoring as a mea culpa to its affected customers. If you were affected by this breach, you should have already received a notice from AT&T of the potential exposure. This latest breach demonstrates an important point about security: no matter how much you invest in protecting your perimeter, serious threats may already be behind your “firewall”. As an individual, there is very little you can do to help AT&T be more secure, but you can take your credit history and activity seriously, and always keep your eyes peeled for unusual activity on any online account, regardless of whether they are financial services or not.
Coming hard on the heels of the international sting two weeks ago that resulted in the arrest of nearly 100 “RATters”, law enforcement agencies in several countries again acted together to take down two very large botnets that together number well over 1.2 million compromised Windows computers, arresting a Russian hacker who allegedly managed the powerful zombie networks. Botnets are essentially large collections of “zombified” computers that can be controlled remotely and are a favored tool of cybercriminals and hackers that can execute a variety of activities including widespread phishing campaigns to steal sensitive personal data and focused DOS attacks used to cripple websites and servers.
What this means for you:
The UK Crime Agency believes that though they have control over the botnets for the moment, that control won’t last long – maybe 2 weeks – before the zombified computers are drafted into another botnet. In those 2 weeks, the various involved law enforcement agencies are hoping to take advantage of the temporary reprieve to notified the owners of the infected machines that they need to clean up their computers ASAP. If you receive a conspicuously official looking notice from some form of local law enforcement, it might be legitimate and not just another scareware scam. Some obvious signs that your computer might be infected (and possibly part of the one of the 2 busted botnets) include:
- Websites loading in your browser that are clearly not where you intended to go, or what the search results said they would be
- Computer performing unusually slowly or erraticly, unexpected crashing or other unusual behavior
- Files suddenly becoming corrupt or unusable
The last one is of special concern – it could mean your computer is infected with Cryptolocker, a nasty bit of malware that locks your files up and holds them for ransom. This might also mean that even if you were inclined to pay the ransom to get your data back, you may not be able to, as the take down of the botnet may also result in no one, criminal or lawful, being able to unlock your files. Sadly, if you hit this point and don’t have a recent backup of your data, it is gone forever.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
A new scam to extort money out of Apple mobile device users has surfaced in Australia, with scattered reports in other countries as well. Affected devices are locked out via Apple’s own “Find my iPhone” platform with a message that demands a ransom payment of $100 USD to unlock the phone. Security analysts are unsure at this point as to how the perpetrators are gaining access to victim’s AppleID accounts, and so far Apple is refusing to comment on this issue. According to posts on Apple’s Support Forums, the only reliable way to unlock the device is to reset it back to factory settings and restore your data from a backup, if one was actually created and maintained for that device.
What this means for you:
So far, there is a tenuous link between some of the victims and the recent eBay hack that exposed user accounts and encrypted passwords, where the victims admitted to using the same password for both eBay and iCloud. However, several other victims of this new ransom scam did not use the same password as their eBay account, so eBay’s exposed data may not be the only source. Bottom line, you should use strong, unique passwords for online accounts, especially for the ones that are tied to important services like online banking, email and any account that has access to confidential data, either yours or your clients/customers.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
It’s a beautiful day on the internet when I can report good news instead of bad. In what appears to be a new and very positive trend in modern law enforcement, several agencies around the world came together in a global sting that bagged nearly 100 cybercriminals selling and using the Remote Access Tool (RAT) “Blackshades”, a very popular hacking tool used to spy on and even extort thousands of victims through their compromised computers. Lest you think this is a new trend in cybercrime, “Ratting” has been around for years, but perhaps its profile was elevated through the unfortunate victimization of Miss Teen USA 2013, Cassidy Wolf, high enough to galvanize authorities to do something other than attempting to squash Ratters one at a time.
What this means for you:
According to analyst estimates, Blackshades was being used to compromise hundreds of thousands of computers world-wide at the time of the sting. It was readily available and cheap, and did not require sophisticated technical skills to use. In the case of Ms. Wolf, the software was installed by a former acquaintance, but typically users are infected and “ratted” through a link on Facebook or via email, often sent by other infected machines. As with any malware incursion, a healthy level of caution and up-to-date antimalware could have prevented the infection, and in the case of Miss Teen USA, a great deal of heartache and trauma. If you are one of the many who refuse to lock their unattended computers with a strong password, consider the victimization of Cassidy Wolf as a cautionary tale and take immediate steps to secure your privacy and safety.
As a parent, there is perhaps nothing more frightening than to have your child’s well-being threatened, and when that threat comes from a device meant to help safeguard children (and relieve parental anxiety), the impact can have far-reaching implications. Proving that some hackers out there have no grasp of human decency or compassion, there have been at least two separate known incidents of network-enabled baby monitors being hacked and then used to audibly taunt and yell at the toddlers devices were monitoring. In both cases, the devices weren’t hacked in the true sense of the word, but were exploited through a weakness that is common across the internet: easy-to-find default passwords. The parents, not knowing that the passwords should be changed, left the devices configured as they came out of the box, and the baby-screamers used that opening to perpetrate their irredeemable acts.
What this means for you:
In comparison to the above, getting hacked as an adult seems almost laughable, but when you think about it, it’s just as scary. In case you missed my blog about “ratting” and you aren’t feeling insecure enough about your security and privacy, you should have a read. The lesson hard-learnt here is this: make every attempt to understand all the devices you use, especially the ones that may be safeguarding the security, privacy and happiness of your family. Read the instructions that come in the box, and if they are incomprehensible, get on the internet and ask questions, or grab your nearest tech geek to have them review the device for potential security issues. Don’t take for granted that a device manufacturer (or website publisher, or software programmer) has your security and privacy top of mind when they are making and marketing their product. The lure of profit encourages even the most trusted brands to cut corners on occasion, which can lead to scary situations like the above.
I shouldn’t have worried that my special “Microsoft Zero-day Warning” graphic was going to gather dust. Would it surprise you to hear that a serious security flaw has been found in all versions of Internet Explorer up to the latest, version 11? This particular loophole allows attackers to use a specially crafted Flash file downloaded from compromised websites (like the ones linked to in spam, scams and phishing emails) to gain full access to your computer, and will likely lead to a badly infected computer and theft of your personal information. Though there are some band-aids offered by Microsoft, as of now there is no word whether this hole will be plugged by an emergency patch released soon, or on “Patch Tuesday” (2 weeks from now), or even later than that. Because of the severity of the security flaw, even the Department of Homeland Security is recommending everyone avoid using IE until this is fixed. Oh, and remember Windows XP? It won’t be getting patched, so yet another burning reason to switch browsers, and upgrade as soon as possible.
What this means for you:
This flaw is being exploited “in the wild” as you read this, though not widespread yet, and has thus far been used to target government employees and defense contractors. Given how large the target surface is, this exploit is highly likely to spread beyond these focused attacks. Unless your work requires it (or disallows the use of other browsers), you should stop using Internet Explorer for anything except known work-related websites. And if you have to use IE, you can disable the Flash add-on until the hole is plugged. This article from Microsoft explains how to do this, but make sure you use the little drop-down to the right of the headline to switch to the appropriate version of IE for specific steps. Chrome, Firefox or Safari are good alternatives to IE, and who knows, you may find that they can permanently replace IE for most of your web browsing tasks.
In December 2013, French security hacker Eloi Vanderbeken uncovered what appeared to be a backdoor programmed into several models of DSL routers. The affected devices were built around hardware manufactured by Taiwanese company SerComm and the finished products came from several well known brands like NetGear, Linksys and Belkin, to name a few. This backdoor allowed anyone with knowledge of the hole and local access to the router (say through a nearby Wi-fi access point) to gain administrative access to the router and could lead to a complete takeover of the network controlled by the device. Now, several months later, this backdoor is not only NOT fixed, but appears to have been purposefully concealed behind the digital equivalent of a secret knock, which once given, opens the backdoor right up to the same level of exploitation as discovered in December.
What this means for you:
If you own a DSL router, you should check this list to see if your model appears on it. If it does, I recommend replacing it immediately. Even if it does not, you should check to see if your router is among the many models that are compromised in other significant ways. If you happen to be among the fortunate that uses a router not on any of these lists, you should still review the security settings and passwords used by the device, and if you don’t know how to program or even access your router, you need to get someone who does to review the device for you. The router is the front door to your home or business network, and you should not trust your security to something that can be easily broken down or opened with a readily available master key.
Image courtesy of creativedoxfoto / FreeDigitalPhotos.net











