CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts

Archive for December, 2011

US Security Firm Stratfor Hit By ‘Anonymous’, Clients’ Credit Cards And Passwords Stolen

Monday, December 26th, 2011

The hacking group “Anonymous” claimed on Sunday, Christmas Day, that it had stolen thousands of credit card numbers and other personal information belonging to clients of the U.S.-based security think-tank Stratfor, and that it had used the pilfered funds to make Christmas donations to charity.

Anonymous said it stole information on organizations and individuals that were Stratfor clients, including Apple Inc., the U.S. Air Force and the Miami Police Department. The group said it obtained more than 4,000 credit card numbers, passwords and home addresses. Some Stratfor clients have confirmed unauthorized transactions linked to their credit cards.

Stratfor is a company that helps clients manage risk; it charges subscribers for the reports and analysis it publishes. The company’s main website was down on Sunday with the message: “site is currently undergoing maintenance.” Most of the victims were individual subscribers rather than companies and government agencies. Anonymous taunted Stratfor in a Twitter message: “Not so private and secret anymore?” The group promised that Stratfor was only the beginning of attacks to come.

Anonymous claims it was able to take as much as 200 gigabytes of data from Stratfor because Stratfor had not encrypted it. This revelation, if true, is a serious indictment of a company in the security services business. The hackers published what they claimed was Stratfor’s client list and tweeted a link to encrypted archives containing stolen names, phone numbers, email addresses, credit card numbers and account details. They claimed that the information published so far is only a small part of what they took from Stratfor.

PC Magazine reports that, besides using the stolen funds for donations to charity, the attackers said they also hoped to use the incident to draw attention to the case of Pfc. Bradley Manning of the U.S. Army, who is on trial over alleged involvement in the leak of hundreds of thousands of confidential military documents. A statement that claimed to be from the hackers said: “We hereby ask that Bradley Manning be given a delicious meal this Lulzxmas, and no, not the ‘holiday special’ in the prison chow hall. We want him out on the streets at a fancy restaurant of his choosing, and we want this to happen in less than five hours.”

values greatly. This hack is most definitely not the work of Anonymous.”
Huffington Post said that card holders whose cards were compromised may contact the card issuer to dispute the charges. A member of Anonymous said on Twitter that 90,000 credit cards belonging to law enforcement, the intelligence community and journalists had been compromised and used to “steal a million dollars” for charity donations. The statement mentioned “corporate/exec accounts of people like Fox” News. Huffington Post reports, however, that it was not possible to verify the claims.

Credit: DigitalJournal.com

Ultimate Bet Players’ Accounts Compromised, 3.5 Million Records Freely Available Online For Weeks, Still In Google Cache

Tuesday, December 6th, 2011

In a breach of security at Ultimate Bet, information from every player’s account was publicly posted on the internet, revealing personal information on approximately 3.5 million poker players holding accounts at the nearly defunct poker site.

A popular poker forum posted a link to the account information via an anonymous post, but removed the link roughly eight minutes later. In that short span, enough people saw the link that the information was apparently passed around privately.

The data leaked from the accounts included each player’s name and screen name; birth date; email, mailing and IP addresses; phone number; deposit methods typically used; VIP, affiliate and blacklist statuses; account balance; and players’ UB account numbers, but not bank account numbers as far as we know.

The data listed was organized by specific countries, with about 2 million accounts from the U.S., 319,000 Canadian accounts, 137,000 United Kingdom accounts, and approximately 1 million accounts from all other countries combined. The data contained more than a dozen other columns which were not clearly identifiable. The unidentifiable columns were not labeled and contained inconsistent information. For example, one column that listed IP addresses also contained physical addresses and another column listing screen names for some users contained account numbers for different users.

At the time of writing, the data was still partially available in Google’s cache, in files organized by country, including at least one spreadsheet in XLS format.

Beyond account balances and deposit methods, no financial information was listed, and no credit card numbers were exposed. It is not known who leaked the account information or why.

Ultimate Bet and Absolute Poker, which together make up the Cereus Network and were the third largest internet poker network prior to Black Friday, have been virtually defunct since the U.S. Department of Justice seized their domains and much of their assets and indicted the companies’ principals in mid-April. Since then, most of the poker rooms’ players have been unable to cash out, while some non-U.S. players have been able to withdraw small amounts sporadically. In mid-June, it was reported that the two sites combined held only about ten percent of the funds owed to players, said to be $54 million. Toward the end of October, the Kahnawake Gaming Commission, which issued the Cereus Network’s operator license, announced that the owners were planning to liquidate assets to reimburse players with balances at the sites. However, the company’s full assets are not known.

The leaked data was exclusive to Ultimate Bet players and did not include Absolute Poker players. Ultimate Bet account holders should assume that their personal account information may have reached the wrong hands and be wary of suspicious phone calls or emails. They would also do well to make sure that the passwords on their email accounts and other logins are strong enough to limit the scope for identity theft or fraudulent activity.

Various players at the Cereus Network have reported the inability to join real money sit-n-go tables the last two days. It is possible to log onto the network, but attempting to join a sit-n-go table results in nothing happening. There are a couple players listed as sitting at sit-n-go tables waiting for more players, but these are believed to be props. At the time of this writing, there was only one real money table in action, a $.01/.02 no-limit hold’em table with an average pot of $.44. At the lone table, 57% of players were seeing the flop and 120 hands were being played per hour. However, play money tables are quite populated and going strong.

Credit: PokerNewsReport.com

Restaurant Depot, Jetro Cash & Carry Processing System Compromised, Credit Cards Sold On Russian Blackmarket

Tuesday, December 6th, 2011

If you used a credit card between Sept. 21 and Nov. 18 at national restaurant wholesalers Restaurant Depot or Jetro Cash & Carry, then you should probably know that Russian cyberthugs wearing leather blazers and gold chains and reeking of Armani Acqua di Giò are currently selling your information on the black market.

The following is an excerpt of the letter currently being sent to all customers deemed to be at risk:

“We recently determined that computer hackers stole credit and debit card information from the card processing system we use…”

“You are receiving this letter because we believe your credit or debit card information was stolen. This letter explains actions we have taken in response to the theft and describes some actions you can take to protect yourself against fraud.”

“How the thieves stole the card information — The investigators determined that the thieves inserted malicious software or ‘malware’ into the credit and debit card processing systems we use in our stores. The malware collected card information as it was processed, stored it temporarily, and then sent it to a computer server in Russia.”

If you’re wondering if you’ve ever shopped at a Restaurant Depot but aren’t quite sure, run through this simple checklist:

1. Do I regularly purchase kitchen items like bacon and mayonnaise in bulk?
If you answered NO, please skip to step 5.
If you answered YES, continue to:

2. Do I belong to Restaurant Depot?
If you answered NO, please skip to step 5.
If you answered YES, continue to:

3. Have I noticed any strange charges on my accounts lately, say, for one dozen lynx fur jackets with fox trim?
If you answered NO, please skip to step 5.
If you answered YES, continue to:

4. You MAY be at risk for credit card fraud. Please contact your credit card company immediately.

5. You are NOT at risk for credit card fraud. Continue gorging yourself on bacon and mayonnaise in sensible quantities, free from worry.

Credit: Gawker.com

InternationalCheckout.com Database Hacked, Customers’ Credit Cards Abused

Tuesday, December 6th, 2011

International Checkout customers began receiving emails alerting them that the organization recently fell victim to a cyberattack that resulted in the theft of a large quantity of personal information, including credit card details.

“International Checkout was recently the victim of a system intruder who was able to access encrypted credit card information,” reads the email provided by SpywareSucks.

“You are receiving this email from International Checkout because your credit card information was in the database which was compromised.”

It seems the breach was discovered sometime in mid-September and an investigation commenced immediately. The authorities were notified, and the credit card information was removed from the database to make sure no one could still access it.

Even though the information was encrypted, the attacker managed to obtain the encryption key, which was stored in a separate location. Encrypting stored card data only helps if whoever can reach the ciphertext cannot also reach the key; a key that the compromised system can read in full is, in practice, available to the intruder on that system.
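The following is an added example, not International Checkout’s code and not a description of how it actually stored its key. It shows in Go why a key readable from the compromised environment defeats encryption at rest, and the envelope-encryption pattern that addresses it: each record is sealed under its own data-encryption key (DEK), and the DEK is wrapped by a key-encryption key (KEK) that lives only in a separate key service. The KeyService type here is a hypothetical in-process stand-in for a KMS or HSM, and the card number is a constructed test value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// mustGCM builds an AES-GCM AEAD; keys here are always 32 bytes, so failure is a bug.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// sealGCM encrypts with a fresh random nonce; output is nonce||ciphertext||tag.
func sealGCM(key, plaintext []byte) []byte {
	aead := mustGCM(key)
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil)
}

// openGCM reverses sealGCM; a wrong key fails the tag check instead of yielding garbage.
func openGCM(key, sealed []byte) ([]byte, error) {
	aead := mustGCM(key)
	if len(sealed) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// KeyService is a hypothetical stand-in for a KMS or HSM on a separate host: it holds the
// key-encryption key (KEK) and only ever wraps or unwraps per-record data keys (DEKs).
type KeyService struct{ kek []byte }

func (s *KeyService) WrapDEK(dek []byte) []byte                { return sealGCM(s.kek, dek) }
func (s *KeyService) UnwrapDEK(wrapped []byte) ([]byte, error) { return openGCM(s.kek, wrapped) }

// CardRecord is the database row: ciphertext plus the wrapped DEK, never a raw key.
type CardRecord struct{ Ciphertext, WrappedDEK []byte }

func StoreCard(svc *KeyService, pan string) CardRecord {
	dek := randomBytes(32) // per-record DEK, discarded after wrapping
	return CardRecord{Ciphertext: sealGCM(dek, []byte(pan)), WrappedDEK: svc.WrapDEK(dek)}
}

func ReadCard(svc *KeyService, rec CardRecord) (string, error) {
	dek, err := svc.UnwrapDEK(rec.WrappedDEK)
	if err != nil {
		return "", err
	}
	pt, err := openGCM(dek, rec.Ciphertext)
	return string(pt), err
}

const samplePAN = "4111111111111111" // constructed test number, not a real card

// NaiveScenario models the breach above: the key sits in a file the application host can
// read, so an intruder who copies database and key file recovers every card.
func NaiveScenario() (attackerReadsPAN bool) {
	keyFile := randomBytes(32)
	ct := sealGCM(keyFile, []byte(samplePAN))
	pt, err := openGCM(keyFile, ct) // the intruder uses the copied key file as-is
	return err == nil && string(pt) == samplePAN
}

// EnvelopeScenario: the intruder copies the row, wrapped DEK included, but the KEK never
// left KeyService; without it the DEK stays wrapped and the card stays sealed.
func EnvelopeScenario() (appReadsPAN, attackerBlocked bool) {
	svc := &KeyService{kek: randomBytes(32)}
	rec := StoreCard(svc, samplePAN)
	pan, err := ReadCard(svc, rec)
	appReadsPAN = err == nil && pan == samplePAN
	_, err = openGCM(randomBytes(32), rec.WrappedDEK) // a guessed KEK fails the GCM tag check
	return appReadsPAN, err != nil
}

func main() {
	ok, blocked := EnvelopeScenario()
	fmt.Println("key beside database, attacker decrypts:", NaiveScenario())
	fmt.Println("envelope encryption, app reads:", ok, "attacker blocked:", blocked)
}
```

NaiveScenario returns true (database plus key file is enough), while EnvelopeScenario reports that the application still reads the card and the intruder holding the row cannot. What remains is an intruder who can call the key service from the live application host, which is why unwrap requests belong in an audit log, and why storing only a token or the last four digits is better still wherever the full card number is not needed.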

“As a precaution, International Checkout is providing notification to people whose information may have been in the database that was accessed so that if it turns out the information was compromised in any way, they can take the appropriate measures to protect themselves,” the notification adds.

The company is advising customers to monitor their bank and card statements closely for any suspicious transactions. Bank account numbers were not exposed, but credit card numbers were, and in some cases the card issuer may recommend replacing the card number.

Customers should also know that International Checkout will not contact them directly unless they call the company first. The company warns that fraudsters may try to exploit the situation by phoning people while posing as its representatives and requesting sensitive information.

“We will not call you to ask for bank account information or personal identification numbers (PINs) or for your full credit card or social security number.”

Unfortunately, many merchants use International Checkout, so the number of potential victims is high, and people are already reporting fraudulent transactions on their cards. Some of the websites listed on http://www.internationalcheckoutsolutions.com/merchant-partners.php include TahoeMountainSports.com, MoreschiShoes.com, LaurenKlein.com, SofiaBean.com, EnvyCig.com, WTeaShop.com, PromoStadium.com, PTTechSolutions.com, ViveDecor.com, HUFWorldwide.com, SavingLots.com, MGallerie.com, Audioque.com, LuckyTeria.com, FrankliWild.com, Vivarati.com, BuyRailings.com, RackMountSales.com.

Credit: Softpedia.com News

Software Offered By CNET Bundled With Trojans, Spread Through Download.com

Tuesday, December 6th, 2011

One of the developers of Nmap, a network exploration and security auditing tool, is accusing CNET of bundling free software with Trojans and shady toolbars and serving it from its Download.com website.

Gordon Lyon, also known as Fyodor, says he discovered that Nmap and other free applications such as VLC are served with extra software attached; according to the VirusTotal submission, 10 out of 39 vendors detect the Download.com Nmap installer as containing a Trojan.

“They even provide the correct file size for our official installer. But users actually get a Cnet-created trojan installer. That program does the dirty work before downloading and executing Nmap’s real installer,” Fyodor said.

He is also upset that CNET uses the Nmap trademark, which suggests the project is involved in distributing an installer that is not actually clean.

“In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap’s copyright,” he adds.

He says that in many cases users will not look at what they are downloading or installing and will simply end up with a changed homepage, an extra toolbar and perhaps a malicious component.

His biggest fear is that Nmap users will believe that all these extras actually come from the developers, thus ruining their reputation.

“We’ve long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net’s Download.com, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity!”

CNET offered them the opportunity to opt out of the Download.com Installer, but Fyodor says he’s not going to stop here. He is now in search of a copyright attorney as he’s sure his rights have been violated.

At the time of writing, the Nmap installer on Download.com appears to be clean, so the company may already have acted on the developers’ warnings.
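As an added example, not code from the Nmap project or from CNET, this Go program shows the check a user can make against a wrapper installer like the one described above: compare the downloaded file’s SHA-256 with the digest the project itself publishes, rather than trusting a matching file size. The two “installers” are constructed byte strings of identical length, and PublishedSHA256 stands in for the digest a project would list beside its download.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Verdict keeps the two checks apart so it is visible which one a wrapper defeats.
type Verdict struct {
	SizeMatches bool
	HashMatches bool
}

// VerifyInstaller compares a downloaded file against the size and SHA-256 the project
// publishes. Only the hash comparison is evidence of integrity.
func VerifyInstaller(data []byte, publishedSize int, publishedSHA256Hex string) (Verdict, error) {
	want, err := hex.DecodeString(publishedSHA256Hex)
	if err != nil || len(want) != sha256.Size {
		return Verdict{}, fmt.Errorf("bad published hash %q", publishedSHA256Hex)
	}
	sum := sha256.Sum256(data)
	return Verdict{
		SizeMatches: len(data) == publishedSize,
		HashMatches: subtle.ConstantTimeCompare(sum[:], want) == 1,
	}, nil
}

// padTo right-pads s with spaces to n bytes so the two constructed files below are the same size.
func padTo(s string, n int) []byte {
	b := []byte(s)
	for len(b) < n {
		b = append(b, ' ')
	}
	return b[:n]
}

// Constructed stand-ins (not real installers): the project's own installer and a
// same-size wrapper that runs something else before fetching the real one.
const installerSize = 64

var (
	genuineInstaller = padTo("GENUINE-SETUP: project installer payload", installerSize)
	wrapperInstaller = padTo("WRAPPER-SETUP: bundled offers, then run real setup", installerSize)
)

// PublishedSHA256 stands for the digest listed on the project's download page; here it is
// derived from the constructed genuine bytes.
func PublishedSHA256() string {
	sum := sha256.Sum256(genuineInstaller)
	return hex.EncodeToString(sum[:])
}

func main() {
	for name, file := range map[string][]byte{"genuine": genuineInstaller, "wrapper": wrapperInstaller} {
		v, err := VerifyInstaller(file, installerSize, PublishedSHA256())
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-8s size matches=%v sha256 matches=%v\n", name, v.SizeMatches, v.HashMatches)
	}
}
```

The size check passes for both files; only the genuine one passes the hash check. The digest (or, better, a signature) must come from the project’s own site rather than from the download mirror, since a hash copied from a page the distributor controls proves nothing.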

Credit: Softpedia.com News

Unpatched Yahoo! Messenger Flaw Allows Status Updates Remote Hijacking

Monday, December 5th, 2011

Security researchers have discovered an unpatched flaw in Yahoo! Messenger that allows miscreants to change any user’s status message.

Hijacked status updates are a handy way to persuade a victim’s contacts to click on a link and lead them to a dangerous website. Worse still, the bug in version 11.x of the Messenger client requires minimal user interaction to work, unlike previous exploits that relied on conning prospective marks.

The attacker sends the target a supposed file that is actually an iframe, which swaps the status message for the attacker’s customized text, as explained in a blog post by security firm BitDefender. The message might be, and in most attack scenarios would be, sent from outside the targeted user’s contact list.

If successfully executed, a victim will have no indication that his or her status message has been rewritten. The ruse might be used to gain affiliate incomes by promoting dodgy sites as well as directing users towards sites loaded with exploits or scareware scams.

Bitdefender said it has notified Yahoo about the vulnerability. Attacks based on the as yet unfixed flaw have already been detected in the wild, the Romanian security firm warns.

It advises users to enable the IM client setting “ignore anyone who is not in your Yahoo! Contacts” (which is off by default) as a precaution pending the release of a patch. In addition, some security suites include a web filter that ought to defend users from this attack.

Credit: The Register