Monthly Archives: May 2009

Turkish ‘m0sted’ hackers infiltrated U.S. Army servers

Filed under Security News
Turkish hackers calling themselves m0sted were able to break into a U.S. Army server in January and previously hacked a server for the Army Corps of Engineers, according to InformationWeek.

Hackers used an SQL injection attack to exploit a security vulnerability in Microsoft's SQL Server database, according to officials cited in the report.

The hacked servers were at the McAlister Ammunition Plant in Oklahoma and the U.S. Army Corps of Engineers' Transatlantic Center in Virginia.

Visitors to the McAlister plant's website on January 26th were redirected to a website containing messages protesting climate change. In September 2007, a similar attack on the Army Corps of Engineers redirected visitors to www.m0sted.net, which contained anti-American and anti-Israeli messages and images, InformationWeek reported.

The U.S. Department of Defense, which has reportedly been considering implementing a cybercommand to coordinate IT security and cyberwarfare, subpoenaed records from Google, Microsoft and Yahoo to track the identities of the hackers.

In August 2007, m0sted hacked a United Nations website to post a message that said "Hacked By Kerem125 m0sted and Gsy," according to reports. "That is CyberProtest Hey Ysrail and Usa dont kill children and other people Peace for ever No war."

Obama lays out cybersecurity proposals

President Obama today proposed expanding coordination of cybersecurity efforts between government and the private sector in developing a strategic response to threats to the nation's computer networks that control critical infrastructure, financial markets and military systems.

In discussing the threats from cybercriminals, terrorist networks and state actors, the president mentioned how hackers have infiltrated military computers and even the website of his presidential campaign.

"For all these reasons, it's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation," Obama said.

The president did not reveal whom he will appoint to fill the new post of "cybersecurity coordinator," a position that will report to both the National Security Council and the National Economic Council.

But the role of the office of cybersecurity will be orchestrating and integrating all cybersecurity policies for the government and, "in the event of major cyber incident or attack, coordinating our response," Obama said.

Obama said the government will "not dictate security standards for private companies," but seek to collaborate with the IT industry on technology research and development.

He also pledged that he remains committed to internet privacy, civil liberties and net neutrality.

Microsoft warns of new Windows exploit

Microsoft is warning users of a critical web security vulnerability in Windows 2000, Windows XP and Windows Server 2003 that has been exploited in the wild. If left unfixed, the flaw could allow hackers to take control of PCs.

The vulnerability is in Microsoft DirectX - the Windows subsystem used for streaming video - which hackers have exploited using malicious QuickTime video files, according to a posting on the Microsoft Security Response Center (MSRC) blog.

"An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in email," the post said.

In a web-based attack scenario, an attacker would have to convince users to visit a malicious website. After a user clicks on a link to the site, they would be prompted to perform several actions. "An attack could only occur after they performed these actions," Microsoft said.

MSRC said the vulnerability is not in Apple's QuickTime and the vulnerable code was removed in crafting Windows Vista, Windows 7 and Windows Server 2008.

Microsoft said in a security bulletin it is aware of limited, active attacks that use the exploit and the company has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate the issue.

Details of workarounds are posted at Microsoft's security research and defense blog.

Report identifies search terms riskiest for malware

Cybercriminals are increasingly using search engine optimization (SEO) techniques to target internet users who search for popular keywords, according to a new report that identifies the riskiest searches by category and country.

The report, by IT security company McAfee, concludes that the riskiest searches - those with the highest probability of leading to sites infected with viruses and other types of malware - include those for popular song lyrics, free music downloads and video game cheats.

People who search for free music downloads will get search results pages with an average of 20 percent risky websites. However, the overall risk of turning up malicious websites in searches is just 1.7 percent, McAfee said.

The report also found that more popular searches have a higher risk - suggesting that cybercriminals are paying attention to what terms will lead to more potential victims. For example, searches for Zuma Rossdale, the infant son of celebrity singers Gavin Rossdale and Gwen Stefani, can be as risky as 25 percent, suggesting that hackers pay significant attention to news events.

"If hackers are now motivated largely by profit, the biggest profits can be wrung from the largest pools of potential victims," the report concluded. "And on the web, popular trends and visitor traffic are highly correlated."

Personal data leaked on Aetna job website

Insurance company Aetna said it will give free credit monitoring to 65,000 people after their email addresses were stolen from a supposedly secure website for job applicants.

Human resources-related emails containing names, email addresses, Social Security numbers and other information from 450,000 people who had been offered jobs by the company had been stored on the site, but Aetna said that so far it appears only applicants' email addresses were stolen.

The company said it was alerted to the breach three weeks ago when it began receiving complaints from applicants that they were receiving phishing emails that told them they had a job offer and asked for personal information.

Aetna hired an outside firm to conduct a security review of the site, which had been maintained by an outside vendor, but it has not been able to figure out how the breach occurred.

Company spokeswoman Cynthia Michener said it had no reports that people's Social Security numbers were stolen, but the company is "erring on the side of caution," according to the Associated Press.

Aetna has posted a spam warning on its main website, notifying customers of emails claiming to be responding to a job inquiry and requesting personal information.

Survey: One-fifth of IT managers cheat on security audits

A new survey of IT managers and staff has found that 20 percent of IT security pros admit to fudging firewall audits in order to pass.

Released yesterday by an Israeli security vendor, the survey also discovered that 63 percent of companies only audit their firewalls every three months to a year, with 9 percent saying they never bother to check their firewalls at all. About half admitted that their firewall rules are "a mess."

The survey, conducted at the InfoSecurity Europe 2009 Conference in April, sampled 151 IT security professionals, many of whom come from multinational organizations and government departments employing 1,000 to 5,000 or more employees, the security company said.

Firewall audits typically only take a few days for the majority of companies. However, from a security perspective, infrequent audits can mean that many companies have firewalls that at best are running under par, the company said.

The survey also found that many companies are buying IT hardware off eBay, a trend the company was aware of anecdotally via its customers, it said. Almost a quarter of companies (24 percent) would buy from eBay if it meant that they would save money.

Spam report: Social networking accounts more effective for spam

Spammers have learned some creative new techniques for cracking spam filters, and spam levels rose to more than 90 percent in May, according to a new report from IT security firm Symantec.

The report cites a rise in spam coming from social networking accounts that seem to have been created using random names and automated CAPTCHA-cracking programs.

These accounts are sending spam emails from major webmail hosting providers such as Google's Gmail, which allows the spam to sneak through spam filters that are set up to detect spoofed email headers.

Spam also follows a daily pattern that appears to be tailored to the time of day when recipients in different locations would be most likely to view it, although spammers are most active during the U.S. working day.

In the U.S., most spam activity occurs between 9 a.m. and 10 a.m., when U.S. workers are likely to be logging on to start the day. This makes sense because data show that the most active spammers are based in the U.S., the report said.

The majority (around 58 percent) of spam was sent from known botnets. Donbot is currently the most active botnet, responsible for around 18.2 percent of all spam, followed by Rustock (16.1 percent). Xarvester was responsible for 1.9 percent of spam.

Cyber Secure Institute calls for health IT security certification

A web security advocacy group has issued a call for better tools against the hacking of private health records, in response to high profile health data breaches at the University of California Berkeley and the Virginia Prescription Monitoring Program.

The Cyber Secure Institute - a Washington, DC-based nonprofit - said the Obama administration's proposals to vastly expand the use of electronic health records risk exposing more Americans to a loss of privacy.

"Any eHealth system must be built upon only certified secure, best available IT technologies," the group said Tuesday, citing two technologies certified by the NSA as secure against cyberattacks.

"Only systems like these that are tested, proven and certified at these high levels of security robustness should be trusted with the nation's private healthcare information," it said.

The institute issued recommendations for providing health data privacy and security as well as policy initiatives including establishing a trust fund to compensate victims of eHealth data breaches and the creation of a national data integrity oversight office charged with ensuring healthcare IT systems are sufficiently secure.

The group also called for statutory protections allowing victims of health data breaches to recover damages for potential fallout from leaked health information, including loss of employment, loss of insurance or harm to reputation.

Man drops lawsuit against Facebook as Koobface returns

Web security researchers have spotted a new variant of the Koobface social networking virus on Facebook. Some users received spam messages with links to a spoofed YouTube page that asks them to download malware disguised as Adobe Flash.

Facebook has been working with its security partners to clean the site of the virus, which has popped up on various social networking sites since last year.

But last week, a Florida man filed a lawsuit against Facebook claiming the company has not adequately protected users from viruses.

Theodore Karantsalis, a librarian and self-described privacy activist, was seeking $70.50 from Facebook in the lawsuit, which he filed in Miami-Dade County court. On Tuesday, he dropped the lawsuit, according to CNET News.

"I spoke with [Facebook]'s law department and the case has been resolved," Karantsalis wrote in an email, CNET reported.

Karantsalis told CNET his Facebook friends told him they were receiving messages from his account that directed people to a phishing site with a URL ending in ".im."

CNET reported that Karantsalis has previously sued several other organizations over alleged rights infringements, including Sprint and the city of Miami Springs, where he lives.

The Microsoft Malware Protection Center (MMPC) worked with Facebook to add detection of Koobface to the latest version of Microsoft's virus removal tool in early April.

MMPC said last month it had removed Koobface 200,000 times from over 133,677 computers.