Tag Archives: Hacking

Hackers Access Data of 650K British Pub Chain Customers

Hackers gained access to a database that contained private information about more than 650,000 customers of a chain of British pubs, according to a posting on its website.

JD Wetherspoon reported that about 100 of its customers had the last four digits of their credit and debit card numbers stolen through a breach of the company’s former website. Because the complete numbers hadn’t been stored, the company said no stolen data could be used for fraud.

The website posting indicated the database contained information like email addresses, names, birthdays and phone numbers of 656,723 people. The pub chain’s CEO, John Hutson, said in the posting that neither its customers nor its cyber security specialists gave any indication that anyone had used that stolen customer information for fraud, “although we cannot be certain.”

Hutson said in the posting there were no passwords stored in the database. He asked customers to watch out for suspicious emails, such as ones that ask recipients to respond with personal or financial information or to click on links. Such emails are commonly seen in phishing schemes.

The breach took place in June, the company said in the website posting. The pub chain only learned of the breach last week, and subsequently began investigating and notifying customers.

Huston said in the website posting that JD Wetherspoon has “taken all necessary measures to secure” its website following the breach (the pub chain has since switched to a new website manager that it says has no ties to the hack) and that a forensic investigation is ongoing. The pub chain has also notified the British authority that regulates data protection of the breach.

As of Monday morning, it’s still not known who was responsible for the hack.

The news comes just days after digital toy manufacturer VTech announced that the personal data of millions of its customers was hacked, including some photographs of children. VTech has said it’s cooperating with law enforcement officials from around the world to investigate.

Amazon forces some to change passwords after potential compromise

Some Amazon account holders were required to change their passwords this week after the online retailer found that the information could have been compromised.

Technology website ZDNet first reported the news Tuesday, noting Amazon wrote in an email addressed to affected users that there was “no reason” to believe the information had been leaked.

ZDNet reported the email said Amazon forced the password change as a purely precautionary measure after learning that the passwords might have been improperly stored or transmitted, which could have allowed a third party to access it.

It’s not clear how many people were asked to reset their passwords and Amazon corrected the issue.

The company has recently taken steps to improve cyber security.

Last week, it began allowing customers to require two-factor authentication to access their account. That requires users to not only successfully enter their password to log in to the website, but also a second group of characters that is typically sent to a user’s mobile phone.

TruNews: Charges In Massive Cyberattacks against JPMorgan Chase & Co

TRUNEWS – Prosecutors have announced criminal charges for three men accused of helping to run a series of hacking and fraud schemes, including an attack in 2014 against JPMorgan Chase & Co that generated hundreds of millions of dollars in illegal profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein are named in a 23-count indictment, the three are accused of crimes involving at least nine financial services companies and media outlets, as well as online casinos, payment processing for criminals, and an illegal bitcoin exchange.

A fourth man, Anthony Murgio, is also named in the bitcoin exchange scam.

The charges are the first to be connected to the attack on JPMorgan, in which 83 million customers had their personal data accessed; prosecutors are calling it the largest theft of customer data from a US financial institution.

Other companies who were affected include E Trade  Financial, which says it’s contacted some 31,000 customers who may have been affected.

JPMorgan says it continues to work with authorities in an effort to fight further cybercrimes.

Edward Snowden Claims Smartphones can Easily be Hacked

Whistleblower Edward Snowden rocked the world when he called out the actions of the NSA, but he now has new revolutionary information: UK spy agency GCHQ has the ability to hack into smartphones with encrypted text messages, and the owner would never know.

In an interview with the BBC’s Panorama program, he stated that the GCHQ “invested heavily” into technology that allows them to hack smartphones belonging to the public. The agency could gain access to the phones to take pictures and listen in to conversations.

“They want to own your phone instead of you,” he explained.

Snowden went on to explain that the GCHQ had a collection of secret intercept capabilities called a “Smurf Suite,” named after the cartoon series. Each “Smurf” controls a different aspect of the phone.

“Dreamy Smurf is the power management tool which means turning your phone on and off with you knowing,” he said.

“Nosey Smurf is the ‘hot mic’ tool. For example if it’s in your pocket, [GCHQ] can turn the microphone on and listen to everything that’s going on around you – even if your phone is switched off because they’ve got the other tools for turning it on.

“Tracker Smurf is a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers.”

In order to hack the smartphone, the GCHQ sends a simple text message that is hidden from the owner. That text contains an exploit that allows the agency to control the software of the smartphone.

“You paid for [the phone] but whoever controls the software owns the phone,” Snowden added.

15 Million T-Mobile Customers’ Data Stolen by Hackers

The credit bureau Experian experienced a data breach, revealing user data from approximately 15 million T-Mobile customers.

The data gathered by the hackers included names, addresses, birth dates, and Social Security numbers along with other forms of identification like driver’s’ license numbers. According to T-Mobile, the hackers were not able to get payment information or bank account information.

People affected by the hack may not be current T-Mobile customers. The companies announced that customers who applied for T-Mobile postpaid services or device financing between September 1, 2013 and September 16, 2015 were the ones who could be victims of the hack.

Experian stated in a press release that no evidence has been presented so far that the data has been used illegally or inappropriately. Experian is a widely used credit-information provider that has experienced several security concerns; the T-Mobile hack is just the latest incident. The last cyberattack on Experian was in 2012 when 200 million Americans had their Social Security numbers exposed.

T-Mobile CEO John Legere had strong feelings regarding the breach and said that his company would be looking for a new and more secure service provider.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” but the carrier’s top concern now is helping the people affected, Legere wrote in an open letter on T-Mobile’s site.

Experian North America stated in a notice that it was a business unit that had been compromised, and its consumer credit bureau wasn’t affected. Experian has notified international and U.S. law enforcement.

T-Mobile is now offering free credit monitoring identity resolution services from ProtectMyID for the next two years for their customers that think they may have been affected by the breach. ProtectMyID is a division of Experian.

The breach at Experian is the latest in a string of massive hacks that have claimed tens of millions of customer records. The U.S. Office of Personnel experienced a major hack earlier this year, JPMorgan Chase had a breach of data in 2014, and large retailer, Target, had a major cyberattack on their cash register systems in 2013.

Officials State Hackers Stole 5.6 Million Fingerprints, More Than Previously Reported

The Office of Personnel Management (OPM) announced that 5.6 million fingerprints were stolen in April’s cyber attack, more than five times the amount the agency first reported.

The hackers were able to obtain fingerprints, social security numbers, names, addresses, health information, and financial data from millions of government employees. The OPM stated in June that personnel records of 4.2 million people had been compromised in the cyber attack. A month later, the agency announced a second attack that was targeting 21.5 million people and only 1.1 million fingerprints had been stolen.

“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”

The OPM tried to downplay the situation by stating that the ability to abuse fingerprint data was “currently limited.” The agency did warn that as technology improved there could be a higher chance of someone using their fingerprints as a guarantee of identity. Considering there are now security measures for unlocking smartphones and home security systems using a person’s fingerprints, that day may not be as far as the OPM states.

Investigations are continuing as officials are still trying to find who was responsible for the cyber attacks. Meanwhile, the OPM is still in the process of notifying everyone who had information stolen. According to the agency, they will provide free identity theft and fraud protection services to those who were affected by the cyber attack.

U.S. officials have blamed China for the OPM breach. China has continued to deny the attacks. The announcement comes during the second day that Chinese President Xi Jinping is visiting the United States. Jinping is due to meet President Obama in Washington on Friday.

Russian Man Admits Global Hacking Scheme

A Russian man has admitted his role in a hacking scheme that sold record amounts of stolen credit and debit card numbers.

Vladimir Drinkman admitted that he had a major role in stealing 160 million credit and debit card numbers.  U.S. Attorney Paul Fishman said the hacking and data breach is the largest ever prosecuted in America.

Drinkman pleaded guilty to charges of conspiracy involving wire fraud and unauthorized access to protected computers. The 34-year-old will be sentenced in January and faces up to 35 years in federal prison after which he will be deported.

He also will face millions of dollars in fines.

Drinkman told the court that from 2005 to 2012 he worked with others on a scheme that sent malware to corporate computers to obtain personal information.  The malware would then delete itself so corporations could not tell they had been breached.

Some of the companies impacted where 7-Eleven, Dow Jones and NASDAQ.

Drinkman was arrested in the Netherlands in 2012 and brought to the U.S. for trial.  One of his co-conspirators, Dmitriy Smilianets, is in federal custody awaiting trial.  Three other co-conspirators are still on the run.

Martial Cheaters Exposed by Hackers

Users of the website Ashley Madison, which is designed to allow married people to cheat on their spouses, have been exposed to the world after the release of approximately 9.7 gigabytes of user data.

A group of hackers called “The Impact Team” released millions of usernames, real names and purchase information for users of Ashley Madison and a companion site, Established Men, which allows rich men to find young women.

The hackers focused on a portion of the website called “Full Delete” which for $19 has promised to scrub all user information from the site for those who no longer wished to use it.

In 2014, the “Full Delete” feature netted $1.7mm in revenue for the company that owns both websites, Avid Life Media (ALM).

“[Full Delete is] also a complete lie,” the Impact Team wrote after the hack last month. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

“…Too bad for ALM, you promised secrecy but didn’t deliver.”

The hackers then made their next threat.

“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret…fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” the hackers wrote in a statement following the breach.

Brian Krebs, the cybersecurity reporter with the Washington Post, wrote on the newspaper’s website that he had contacted three sources who were listed in the data dump and the sources verified the information was accurate.

“It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society,” officials from Ashley Madison’s parent company Avid Life Media wrote in a statement.

“We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law,” the statement continued.

Obama Administration Warns China Over Covert Agents in U.S.

The Obama administration has sent a harsh warning to Chinese officials about undercover Chinese intelligence agents coming to the U.S. and seeking out fugitives or immigrants.

The agents are working to bring home those the Communist government accuse of “corruption” after they gained asylum or resident status in the United States.

The declaration from the administration comes after officials discovered that Chinese hacking groups were infiltrating U.S. email databases.

Federal officials say they have found the undercover Chinese agents in the country illegally under tourist or trade visas.  These agents are using strong-arm tactics to force those the Communist government considers an enemy to return to China to be prosecuted.

Tactics include threats against family members still in China.

“Our principle is thus: Whether or not there is an agreement [with local law enforcement] in place, as long as there is information that there is a criminal suspect, we will chase them over there, we will take our work to them, anywhere,” Liu Dong, a director of Operation Fox Hunt, told the New York Times.

China and the United States do not have an extradition treaty, so the U.S. cannot force a Chinese national to return although in the past U.S. officials have returned suspected Chinese criminals.

Intelligence Officials Admit China Has Hacked Obama Administration Emails Since 2010

Senior U.S. Intelligence officials are confirming that China has been hacking the emails of Obama Administration officials since 2010.

The National Security Agency (NSA) has confirmed the intrusions were first detected in April 2010 and that the hacking of various accounts is still taking place.  The NSA official said that all top national security and trade officials have been targeted by the attack including Joint Chiefs of Staff Chairman Adm. Mike Mullen and Chief of Naval Operations Adm. Gary Roughead.

Gmail accounts were specifically mentioned by the NSA official but other email providers were also confirmed to have violated by the attack.

NBC reported the hacks were first code-named Dancing Pandaand then Legion Amethyst.

“There’s no effective defense against these attacks and, as we’ve seen, there’s also no effective deterrence,” geopolitical expert Ian Bremmer told Business Insider in June.

“China isn’t trying to engage in ‘integrity’ attacks against the US they don’t want to destroy American institutions and architecture as, after all, they’re hugely invested in American economic success,” he added.