Criminal Hackers

Adidas shuts down sites after cyber attack

Some Adidas Web sites remain offline today as a result of a "sophisticated" cyber attack discovered last week, the German sportswear company said.

"On November 3, 2011, the adidas Group found out that it was the target of a sophisticated, criminal cyber-attack. Our preliminary investigation has found no evidence that any consumer data is impacted," the company said in a statement on its news stream site. "But, while we continue our thorough forensic review, we have taken down affected sites, including adidas.com, reebok.com, miCoach.com, adidas-group.com and various local eCommerce shops, in … Read more

Anonymous threat on Mexican cartel going forward, source says

The most controversial operation the online activist group Anonymous has ever planned appears to be going forward despite the danger it poses.

Anonymous members launched OpCartel last month targeting the Zetas drug cartel, one of the most violent and technologically sophisticated groups in Mexico, in response to the alleged kidnapping of an Anonymous member. In a Spanish-language YouTube video (later released in English), Anonymous said one of its members had been kidnapped while postering in Veracruz. The video demands the return of the alleged kidnapping victim by November 5 and threatens to release information on the organization, as well as … Read more

Zero-day Windows kernel bug used in Duqu infections

Researchers have figured out one way the Stuxnet-like Duqu Trojan is infecting computers--via a Word document that exploits a previously unknown Windows kernel bug.

The installer file is a Microsoft Word document that exploits the kernel vulnerabilty, which allows code to be executed on the infected system, Symantec said in a post on its site. There may be other infection methods used by other Duqu variants that have not been uncovered yet, Kevin Haley, a director with Symantec Security Response, told CNET.

Microsoft is working on a fix, according to Jerry Bryant, group manager for response communications at Microsoft Trustworthy … Read more

Symantec uncovers cyber espionage of chemical, defense firms

Hackers targeted about 50 organizations--including chemical and defense companies--in a global wave of cyber espionage attacks this summer, Symantec said in a report released today.

The goal apparently was to steal intellectual property such as design documents, formulas, and manufacturing processes. "The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," according to the report. (PDF)

Meanwhile, French nuclear power group Areva was reportedly targeted in a cyber attack in September.

The wave of espionage attacks on the chemical and other firms started in late July and continued through mid-September, but command … Read more

Facebook stops 600,000 suspicious log-ins a day

Facebook released an infographic blog post yesterday that says about 600,000 log-ins per day are compromised. That's given some the false impression that there are that many accounts compromised every day.

I asked Facebook to elaborate and was provided with this statement:

While Facebook does block (approximately) 600,000 log-ins per day, it is not that these Facebook accounts are compromised on Facebook, and certainly not that they're 'hacked' as some have written. There may be compromised accounts that appear on Facebook, but more often than not they are compromised off of Facebook--they use the same password … Read more

Facebook account hijacked? Get a little help from your friends

Facebook is set to announce new security features today that will let people set passwords for third-party apps and get help from friends when they can't get into their account.

When hackers hijack accounts, the first thing they typically do is change passwords so legitimate account holders can't get back in. Instead of going through the rigamarole of verifying that you are the legitimate account owner, Facebook will now let friends vouch for you.

The new Trusted Friends feature, which like App Passwords will available for "testing" in coming weeks, lets you select three to five … Read more

Hackers reportedly behind U.S. government satellite disruptions

Hackers are believed to have interfered with two U.S. satellites used to observe the Earth's climate and terrain four times in recent years, according to a draft report to a government covered by Bloomberg Businessweek today.

A Landsat-7 Earth observation satellite system had 12 or more minutes of interference in October 2007 and July 2008, and a Terra AM-1 earth observation satellite experienced two minutes of interference in June 2008 and nine minutes in October 2008, the U.S.-China Economic and Security Review Commission wrote in a draft of its annual report due for release next month. … Read more

When a hacker deletes all your Gmail messages

Many people are concerned about hacked e-mail accounts (even celebrities), but what about when several years worth of your digital file cabinet are deleted, say, by a malicious intruder?

That happened to Deb Fallows six months ago, and her husband, author James Fallows, wrote a riveting account of their ordeal for The Atlantic that makes for fascinating reading.

His words of advice are: use strong, unique passwords on important important online accounts; take advantage of Google's two-step verification service; and back up our cloud-based data on our own. Oh, and act fast. Deleted messages are purged from the Trash … Read more

Digital activists release more banker data

Online activists are at it again. Supporters of the Occupy Wall Street protests today released more personal information on bankers, including the man at the helm of the financial institution whose downfall ranks as the largest bank failure in the U.S.

Information was posted to the Web about Kerry Killinger who was removed as CEO of Washington Mutual shortly before it collapsed in 2008. He was reportedly awarded more than $25 million in compensation that year, including a $15 million severance payment. A lawsuit filed by the U.S. Federal Deposit Insurance Company this year accuses Killinger of leading … Read more

Facebook adds WebSense safe browsing to its defenses

Facebook is adding a Websense Web link blacklist service to its arsenal of defenses designed to protect users from clicking on links that lead to sites hosting malware.

The social-networking site will be using Websense ThreatSeeker Cloud service, which warns people when they click on a link on Facebook that could be malicious, the companies announced today. Facebook will start rolling out the service today.

The partnership follows one that Facebook announced in May with the free Web of Trust safe surfing service. Facebook also has its own blacklist. The larger the pool of blacklists the better the chances users … Read more