Tuesday, 20 October 2009

Classified Info on Dangerous Chemicals Hacked

The Korea Times
10-17-2009

Hackers stole classified information on dangerous chemicals in their raid on the South Korean army computer network in what was believed to be an attack by North Korea, Yonhap News Agency reported Saturday, quoting government officials.

The Chemicals Accident Response Information System, used by 589 South Korean government agencies including fire and police stations, was accessed by hackers on March 5. Hackers appear to have broken into the system using the ID of a South Korean army officer whose personal computer was infected by a virus, according to officials.

"We believe the hacker tapped into the system using the ID, withdrawing classified information of 1,350 dangerous chemicals," an army official was quoted as saying by Yonhap. "The government believes North Korea could be behind the hacking. We are continuing our investigation."

The revelation comes less than three months after cyber attacks severely slowed or disrupted dozens of South Korean government and business Web sites, including those of the presidential office and ministries of defense and foreign affairs. Rumors were rampant then that North Korean hackers orchestrated the attacks, although they have yet to be substantiated.

"We are trying to find out exactly how much information has been withdrawn," another unnamed official at Seoul's Environment Ministry was quoted as saying, adding the government has asked organizations dealing with the chemicals to tighten security.

Unnamed intelligence sources in Seoul said in May that North Korea operates a cyber warfare unit that seeks to disrupt South Korean and U.S. military networks and visits U.S. military sites more frequently than any other country.

South Korea and the U.S. signed a memorandum of understanding on April 30 to bolster cooperation in fighting cyber terrorism against their defense networks.

VoIP hack suspect fugitive extradited back to US

By John Leyden
The Register
19th October 2009

A Venezuelan hacking suspect arrested in Mexico last February on computer hacking and fraud charges faces a court appearance in New Jersey on Tuesday, following his extradition to the US last week.

Edwin Pena, 26, a former Miami resident, fled from US justice in August
2006 two months after he was bailed on charges of hacking into phone systems and stealing VoIP call credits. Pena allegedly resold these services in collusion with an accomplice, Robert Moore of Washington.
Pena and Moore raked in an estimated $1.4m through the alleged sale of 10 million voice call minutes stolen from telecoms suppliers.

Moore pleaded guilty multiple computer hacking and fraud offences in late 2007, resulting in a two year jail sentence. His admitted involvement in the scam involved scanning telecom supplier networks for vulnerabilities between June 2005 and October 2005. Pena, the alleged brains of the operation and major beneficiary, use Moore's reconnaissance to draw up a list of targets for attack.

The Venezuelan used brute force techniques to extract activation codes from vulnerable telecom supplier systems. Among those victimised was a Newark, New Jersey supplier of telecoms services.

Medical Records: Stored in the Cloud, Sold on the Open Market


By Kim Zetter
Threat Level
Wired.com
October 19, 2009

When patients visit a physician or hospital, they know that anyone involved in providing their health care can lawfully see their medical records.

But unknown to patients, an increasing number of outside vendors that manage electronic health records also have access to that data, and are reselling the information as a commodity.

The revelation comes in a recent New York Times article about how so-called "scrubbed" patient data isn't as anonymous as people think.
The piece focuses primarily on how anonymized data can be cross-bred with other publicly available databases, such as voting records, which subverts the anonymity. Buried near the end of the article is the news that medical data is collected, anonymized and sold, not by insurance agencies and health care providers, but by third-party vendors who provide medical-record storage in the cloud.

Electronic health record (EHR) services have been a growing industry in the last few years, according to Sue Reber, marketing director of the Certification Commission for Health Information Technology. Reber says most vendors used to simply sell software packages; once the product was sold, the vendor had no connection to the data stored in it. But an increasing number of companies have begun to offer web-based software-management applications that include database storage controlled and managed by the vendor.

Botnet Unleashes Variety Of New Phishing Attacks


By Kelly Jackson Higgins
DarkReading
Oct 19, 2009

The massive Zbot botnet that spreads the treacherous Zeus banking Trojan has been launching a wave of relatively convincing phishing attacks during the past few days -- the most recent of which is a phony warning of a mass Conficker infection from Microsoft that comes with a free "cleanup tool."

The wave of attacks began early last week targeting corporations in the form of email messages that alerted victims of a "system upgrade." Email is accompanied by poisoned attachments and links; in some cases it poses as a message from victims' IT departments, including their actual email domains, and alerts them about a "security upgrade" to their email accounts. The message then refers victims to a link to reset their mailbox accounts, and the link takes them to a site that looks a lot like an Outlook Web Access (OWA) page (PDF), but instead infects them with the Zeus Trojan.

Today, researchers at F-Secure spotted the botnet spamming out malware-laden email that tries to trick recipients with a convincing lure messages that says, "On October 22, 2009 server upgrade will take place."

"What we're seeing is an evolving campaign of different lures to see which one works," says Richard Wang, manager of Sophos Labs in the U.S.

The Zbot botnet, which is made up of 3.6 million PCs in the U.S., or 1 percent of all PCs in the country, according to data from Damballa, spreads the deadly Zeus Trojan. Zeus, which steals users' online financial credentials, represents 44 percent of all financial malware infections today, according to Trusteer.

emails

a

The Register - Security

IQ test

The Register - Security: Anti-Virus

HackWire - Hacker News