What The Hack?

Techie Times

What the Hack?
Tuesday June 14, 2011

Until recently, most banks have allowed customers to easily access their accounts via the internet and mobile devices without having to go through too many inconvenient security checks in order to confirm their identity. So what will happen now that Citigroup's network has been compromised and over 200,000 credit-card holders in North America are at risk? Like Sony before it, Citibank has received recent criticism for failing to report the security breach immediately. Bank officials said the hackers did not get access to social security numbers, birth dates, card expiration dates or card security codes. But how are we supposed to believe that when they concealed the attack in the first place and failed to report the security breach to the FBI when they were supposed to? According to a statement made by the bank, the hackers did acquire customer names, account numbers and contact information. CitiBank's advice to the 200,000+ victims: "Customers affected by this incident should be on high alert for scams, phishing and phone calls purporting to be from Citibank and their subsidiaries. While Citi customers aren't likely to have fraudulent charges against their accounts as a result of this breach, they are likely to encounter social engineering attempts to enable further crime. Considering that the attackers have your name, account number and other sensitive information they are able to provide a very convincing cover story to victims." This recent string of "Hacktivism" has turned into a North American nightmare, to say the least. However, Great Britain has also experienced some difficulties as of late. On June 12, 2011 the UK based game company Codemasters has revealed that it has suffered a hacking attack, compromising personal information, Gamertags, and encrypted password information. Codemasters publishes for all platforms including Microsoft Xbox 360™, Sony® Playstation® 3, Sony Playstation Portable, Nintendo DS, PC-DVD and Nintendo Wii™, mobile phones and they also provide persistent online services. And all of these are companies that were involved in the Electronics Conference last week to announce their new technology (look back at last weeks Daily for Monday June 6th). That was the very conference that Sony rendered a public apology for the recent network shutdown  in April that compromised the personal information of over 100,000,000 people and led to many identity theft incidences. Sony's online movies website has recently fallen victim as well. The RSA division of EMC corp was hacked, which compromised government defense contracted Lockheed Martin, and the SEC (Securities and Exchange Commission) Now the RSA is replacing or monitoring every code key it's issued. Other major companies that have been recently hacked are the likes of Sony, and  Google, and in response by the Chinese to the accusations of Google regarding the hacking of Gmail accounts, the Chinese military is blaming the U.S. government for deliberately launching a global “Internet War” to bring down China. Meanwhile, Sony, the favored "whipping boy" of hackers, has had a recent win. The Spanish Police have made 3 arrests of men affiliated with the "Anonymous" group. According to Spain's Technological Investigation Brigade (BIT) the men operated a cell of Anonymous, directing internet attacks against the likes of the Sony PlayStation store, and websites belonging to the governments of Egypt, Chile, Iran, Colombia, Algeria and Libya. According to Sony, more than 100 million accounts were affected in the previous month long shutdown, making it one of the largest data breaches ever. But Sony has been compromised yet again! The news hit headlines as just Sony's execs presented live onstage at E3. The hack was again performed by Lulz Security (known as LulzSec, which "kindly" hacked Nintendo to prove a security hole exists) and the team has posted files relating to the Sony Computer Entertainment Developer Network online as proof. Other victims of LulzSec are PBS, InfraGard (division of the FBI), Nintendo, Black & Berg Cybersecurity Consulting, National Health Service, Porn websites, Bethesda Studio, and the most recent victim is the United States Senate. That's right folks, one of our major government entities was compromised and reported just yesterday, and quite severely too. To quote their release notes on the LulzSec website: Greetings friends, We don’t like the US government very much. Their boats are weak, their lulz are low, and their sites aren’t very secure. In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more! This is a small, just-for-kicks release of some internal data from Senate.gov - is this an act of war, gentlemen? Problem? Take a peek on the  website and you will see what follows that information is a considerable about of data regarding the internal server structure of the senate.gov website. Talk about getting caught with your pants down! So how are the Democrats doing these days? Is Congress on their hit list too? If it is, I hope they restructure their pay scale. But wait, that's not all. Just the day before,  on June 12th, the IMF announced that it has been targeted by cyber attackers seeking to access sensitive information on a global level. The attack actually happened earlier this year and had resulted in "a very major breach". Already there has been speculation that, like the recent attack on Google, certain key individuals may have been the victims of a malware, spear phishing digital assault. The hack was designed to install malicious software that would create a "digital insider presence", allowing the hackers access to all the fund's sensitive financial data. The IMF stands for the International Monetary Fund and it is supposed to manage global financial crisis, storing confidential data about economies all across the world. If sensitive information obtained by the hackers is leaked, some data in IMF computer systems could be used to manipulate or profit from bonds and currencies around the world. And this happened shortly following their announcement on June 6th that there is "no need for policy change on UK economy." In case you didn't know, the IMF and the World Bank both emerged in 1944 at the Bretton Woods Conference (United Nations Monetary and Financial Conference) in order to regulate the International monetary and financial order after the conclusion of World War II. Agreements were signed to set up the International Bank for Reconstruction and Development (IBRD), the General Agreement on Tariffs and Trade (GATT), and the International Monetary Fund (IMF) The Bretton Woods system of exchange rate management was set up, which remained in place untill the early 1970s. It didn't become operative until 1959, when the European currencies became convertible. In 1995 during the Uruguay Round of GATT negotiations established the World Trade Organization (WTO) as the replacement body for GATT. Typically the IMF was head up by a European, and the World Bank has been head up by an American, however, that American has always had some affiliation with Chase Manhattan, now J.P. Morgan. This breach in security happened on the heels of the former chief of the IMF, Dominique Strauss-Kahn's, being arrested for allegedly sexually assaulting a hotel maid 3 weeks prior to the incident. Just after the attack the fund's sibling, the World Bank, severed all its computer and network links to the IMF. The World Bank has since released a statement that it has resumed normal service and found no evidence of an attack or breach on its own network. And in the midst of all of this commotion, someone leaks to Reuters that Hilary Clinton wants to be the head of the World Bank, which she now denies. But it sure stirred up some interesting responses when that hit the Yahoo new feed didn't it? So is this directed at the U.S. or is something more sinister happening on an international level? There are 3 separate groups which have been identified in recent attacks: the Chinese, the Anonymous group, and LulzSec, all of which are considered to be Hacktivists. What is most alarming is these groups are from outside of the U.S. and are attacking  governments and other corporations that could facilitate a financial destablization of our current economy. Have we not gone through enough as it is? This is a serious form of Cyber Terrorism and puts very real people at risk, along with their identity and financial profile.  So for all the laughs that LulzSec is getting, and the vengeance that the Chinese are taking out on us, and the data that the anonymous group is exploiting, they are compromising the safety and security of millions of people, not just in the U.S. but world wide. I think it's time we put our own team together to hack back at the hackers. Google already did! Stay up to date on breaking news of cyber attacks with the Hacker News Network Add us: Real 2 Net on Facebook Real 2 Net on YouTube Real 2 Net Web Site

Powered By Real 2 Net Media©