A Sacramento, California, hacker pleaded guilty to charges of fraud and identity theft for his involvement in an international cyberscam that used personal information stolen with phishing sites to open fraudulent Wal-Mart credit accounts.
Tien "Tim" Truong Nguyen pleaded guilty on Tuesday, the day before his case was set to go to trial, according to IDG News Service. Prosecutors said he had set up websites that used phishing tactics to dupe people into disclosing their personal information.
With the help of Romanian cybercriminals, Nguyen used the phishing websites to steal information that he supplied to others to open Wal-Mart instant credit accounts in stores throughout northern California, IDG News reported.
According to the mid-year online threat report from IBM, phishing spam made up just 0.1 percent of all spam email in the first six months of this year, down from 0.2 percent to 0.8 percent of spam during the first half of 2008.
However, identity thieves can launch phishing attacks by poisoning search results with phony websites and other tactics to lure victims. Phishing fools as many as 55,000 new victims each month, according to one report.
Tag Archives: hacker
Hacker in Heartland data breach a ‘fall guy’ for Russians?
IT security experts are suggesting that 28-year-old Albert Gonzales, who was indicted last week for involvement in the massive data breach of Heartland Payment Systems, may just be a fall guy for more expert hackers who have escaped justice in Russia.
Gonzales was charged last Monday with conspiracy and wire fraud for involvement along with two unnamed Russian co-conspirators hacking the network firewalls of Heartland Payment Systems, along with retail chains 7-Eleven and Hannaford Brothers.
Gonzales was already in custody and facing trial in two other hacking cases for data theft from TJX and another retailer.
But security experts say Gonzales may have just been "the tip of the iceberg" and not the real mastermind behind the attacks, who are likely connected to criminal gangs in Russia and elsewhere in Eastern Europe.
Writing at the Trend Micro malware blog, security researcher Paul Ferguson said there is "an entire Eastern European organized criminal operation that is further along in this food chain."
Richard Koman, writing for ZDNet, said Gonzales may have been "a low-level purveyor of data" who was used by the Russians for "scope-out work" to locate the vulnerabilities exploited by the other hackers.
Gonzales was charged last Monday with conspiracy and wire fraud for involvement along with two unnamed Russian co-conspirators hacking the network firewalls of Heartland Payment Systems, along with retail chains 7-Eleven and Hannaford Brothers.
Gonzales was already in custody and facing trial in two other hacking cases for data theft from TJX and another retailer.
But security experts say Gonzales may have just been "the tip of the iceberg" and not the real mastermind behind the attacks, who are likely connected to criminal gangs in Russia and elsewhere in Eastern Europe.
Writing at the Trend Micro malware blog, security researcher Paul Ferguson said there is "an entire Eastern European organized criminal operation that is further along in this food chain."
Richard Koman, writing for ZDNet, said Gonzales may have been "a low-level purveyor of data" who was used by the Russians for "scope-out work" to locate the vulnerabilities exploited by the other hackers.
Black Hat: Hacker exposes iPhone SMS flaw
Filed under Security News
Tagged as Black Hat, crash, exposes, flaw, hacker, iPhone, SMS, vulnerability
Tagged as Black Hat, crash, exposes, flaw, hacker, iPhone, SMS, vulnerability
A professional hacker and security researcher exposed a flaw in Apple's iPhone 3GS which could allow a hacker to hijack the phone as part of a botnet or crash the phone, at the Black Hat 2009 security conference in Las Vegas.
Charlie Miller, an authority on Mac OS X security and the co-author of the Mac Hacker's Handbook, said a SMS flaw could allow an attacker to use text messages to remotely execute malicious code to hijack the device or cause it to crash.
Miller, who had discussed the iPhone security bug at a security conference in Singapore earlier this month, said previously he was able to use a vulnerability in the way the iPhone receives text messages to remotely crash the phone.
He said hackers could theoretically exploit the vulnerability to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations or hijack the phone as part of a botnet to send SMS spam or launch distributed denial-of-service attacks (DDoS).
Miller also warned that "jailbreaking" an iPhone to add software or capabilities not offered by Apple leaves the device vulnerable to hacking and viruses.
"If you care about security, don't use a jailbroken iPhone," Miller said.
Charlie Miller, an authority on Mac OS X security and the co-author of the Mac Hacker's Handbook, said a SMS flaw could allow an attacker to use text messages to remotely execute malicious code to hijack the device or cause it to crash.
Miller, who had discussed the iPhone security bug at a security conference in Singapore earlier this month, said previously he was able to use a vulnerability in the way the iPhone receives text messages to remotely crash the phone.
He said hackers could theoretically exploit the vulnerability to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations or hijack the phone as part of a botnet to send SMS spam or launch distributed denial-of-service attacks (DDoS).
Miller also warned that "jailbreaking" an iPhone to add software or capabilities not offered by Apple leaves the device vulnerable to hacking and viruses.
"If you care about security, don't use a jailbroken iPhone," Miller said.
UK hacker McKinnon loses extradition appeal
Filed under Security News
Tagged as 2001, 2002, appeal, extradition, hacker, loses, McKinnon, NASA, UK
Tagged as 2001, 2002, appeal, extradition, hacker, loses, McKinnon, NASA, UK
British national Gary McKinnon, accused of hacking the computer networks of the U.S. military and NASA in 2001 and 2002, lost an appeal fighting his extradition to the United States.
McKinnon has admitted to hacking but his attorney challenged extradition in light of his mental health condition.
After losing his appeal to the British High Court and earlier appeals to the House of Lords and the European Court of Human Rights, his options have likely run out.
Karen Todner, McKinnon's defense attorney, said yesterday that extradition would leave McKinnon, who has Asperger's syndrome, a type of autism, vulnerable to mental breakdown or perhaps suicide.
"Gary is clearly someone who is not equipped to deal with the American penal system and there is clear evidence that he will suffer a severe mental breakdown if extradited," Todner said, according to the BBC.
U.S. authorities say McKinnon, 42, compromised the network security of the Army, Air Force, Navy and NASA and caused close to $1 million in damages. McKinnon claims he was looking for classified evidence of UFOs.
He could face up to 70 years in prison in the U.S. if found guilty.
McKinnon has admitted to hacking but his attorney challenged extradition in light of his mental health condition.
After losing his appeal to the British High Court and earlier appeals to the House of Lords and the European Court of Human Rights, his options have likely run out.
Karen Todner, McKinnon's defense attorney, said yesterday that extradition would leave McKinnon, who has Asperger's syndrome, a type of autism, vulnerable to mental breakdown or perhaps suicide.
"Gary is clearly someone who is not equipped to deal with the American penal system and there is clear evidence that he will suffer a severe mental breakdown if extradited," Todner said, according to the BBC.
U.S. authorities say McKinnon, 42, compromised the network security of the Army, Air Force, Navy and NASA and caused close to $1 million in damages. McKinnon claims he was looking for classified evidence of UFOs.
He could face up to 70 years in prison in the U.S. if found guilty.
Biz Stone explains data theft from Twitter’s Google Apps
Filed under Security News
Tagged as Biz Stone, blog, data, Google Apps, hacker, Hacker Croll, theft, Twitter
Tagged as Biz Stone, blog, data, Google Apps, hacker, Hacker Croll, theft, Twitter
Twitter co-founder Biz Stone said yesterday that a hacker who gained access to a Twitter employee's personal email account was able to infiltrate the popular social network's Google Apps account to steal confidential company documents, underscoring the potential pitfalls of weak passwords and lax email security.
The hacker, known by the handle Hacker Croll, distributed files to various websites from Twitter's Google Docs, Calendar and "other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company," Stone said on the Twitter blog (hosted on Google's Blogger).
"Since then, we have performed a security audit and reminded everyone of the importance of personal security guidelines," Stone said in the post.
The website TechCrunch said Tuesday that it had received a zip file containing 310 documents, ranging from executive meeting notes and financial projections to salaries of Twitter employees.
Stone said the data theft was not a result of flaws in Google Apps, but due to the fact that Twitter is under "a spotlight" putting a target on employees.
Google observed on its security blog that it has security measures in place for users of Gmail and other apps for business customers that make password recovery more secure, including an option for password recovery by mobile phone.
The hacker, known by the handle Hacker Croll, distributed files to various websites from Twitter's Google Docs, Calendar and "other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company," Stone said on the Twitter blog (hosted on Google's Blogger).
"Since then, we have performed a security audit and reminded everyone of the importance of personal security guidelines," Stone said in the post.
The website TechCrunch said Tuesday that it had received a zip file containing 310 documents, ranging from executive meeting notes and financial projections to salaries of Twitter employees.
Stone said the data theft was not a result of flaws in Google Apps, but due to the fact that Twitter is under "a spotlight" putting a target on employees.
Google observed on its security blog that it has security measures in place for users of Gmail and other apps for business customers that make password recovery more secure, including an option for password recovery by mobile phone.
Hacker planned to use hospital PCs for ‘massive’ July 4 DDOS
Filed under Security News
Tagged as DDoS, Devil's Day, GhostExodus, hacker, hospital, Jesse William McGraw, July 4, McGraw, YouTube
Tagged as DDoS, Devil's Day, GhostExodus, hacker, hospital, Jesse William McGraw, July 4, McGraw, YouTube
Federal authorities last week arrested Jesse William McGraw - a/k/a "GhostExodus" - whom they said posted YouTube videos of himself compromising PCs at a Dallas hospital and urging hackers to join him in a massive DDOS attack on July 4.
McGraw, who was employed as a security guard at Carrel Clinic hospital in Dallas, broke into several computers in the hospital building, including computers controlling the heating, ventilation and air conditioning system and computers containing confidential patient information, according to acting U.S. Attorney James T. Jacks of the Northern District of Texas.
The affidavit alleges that between April and June 2009 McGraw compromised the network security of the hospital computer systems in order to carry out a distributed denial-of-service attack (DDOS) against unnamed targets on July 4, 2009, a date that McGraw called "Devil's Day," the U.S. attorney said.
The U.S attorney said McGraw had given notice to his employer, United Protection Services, announcing his last day of work was to be July 3, the day before the planned DDOS attack.
McGraw appeared in court last week and was ordered detained until a grand jury determines whether to indict him, according to SCmagazineUS.com.
McGraw, who was employed as a security guard at Carrel Clinic hospital in Dallas, broke into several computers in the hospital building, including computers controlling the heating, ventilation and air conditioning system and computers containing confidential patient information, according to acting U.S. Attorney James T. Jacks of the Northern District of Texas.
The affidavit alleges that between April and June 2009 McGraw compromised the network security of the hospital computer systems in order to carry out a distributed denial-of-service attack (DDOS) against unnamed targets on July 4, 2009, a date that McGraw called "Devil's Day," the U.S. attorney said.
The U.S attorney said McGraw had given notice to his employer, United Protection Services, announcing his last day of work was to be July 3, the day before the planned DDOS attack.
McGraw appeared in court last week and was ordered detained until a grand jury determines whether to indict him, according to SCmagazineUS.com.
British NASA hacker gets new hearing on extradition
Filed under Security News
Tagged as attorney, autism, British government, Gary McKinnon, hacker, mental illness, NASA, U.S. military, UK High Court, United Kingdom, United States
Tagged as attorney, autism, British government, Gary McKinnon, hacker, mental illness, NASA, U.S. military, UK High Court, United Kingdom, United States
Justices for the UK High Court have agreed to hear on July 14th an application for a judicial review of the extradition of British national Gary McKinnon, who has confessed to hacking the networks of the U.S. military and NASA, according to ZDNet UK.
Attorneys for McKinnon have been fighting his extradition to the U.S., saying that sending McKinnon to the U.S. to face trial could result in him committing suicide because of his mental illness.
McKinnon, the 42-year-old man who U.S. authorities say compromised the network security of the Army, Air Force, Navy and NASA and caused close to $1 million in damages, was diagnosed last August with Asperger's syndrome, a type of autism.
His attorney, family and supporters say he should be tried in the UK and contend his diagnosis was not properly considered by the former UK home secretary who ordered his extradition in October.
The National Autistic Society, a UK advocacy group, has petitioned the British government to keep McKinnon in the UK, based on his condition.
He could face up to 70 years in prison in the U.S. if found guilty. McKinnon reportedly said he was searching high-security networks for evidence of extraterrestrial life.
Attorneys for McKinnon have been fighting his extradition to the U.S., saying that sending McKinnon to the U.S. to face trial could result in him committing suicide because of his mental illness.
McKinnon, the 42-year-old man who U.S. authorities say compromised the network security of the Army, Air Force, Navy and NASA and caused close to $1 million in damages, was diagnosed last August with Asperger's syndrome, a type of autism.
His attorney, family and supporters say he should be tried in the UK and contend his diagnosis was not properly considered by the former UK home secretary who ordered his extradition in October.
The National Autistic Society, a UK advocacy group, has petitioned the British government to keep McKinnon in the UK, based on his condition.
He could face up to 70 years in prison in the U.S. if found guilty. McKinnon reportedly said he was searching high-security networks for evidence of extraterrestrial life.