About these ads

Archive

Posts Tagged ‘Data Leak’

March 2012 Cyber Attacks Timeline (Part II)

First Part: March 2012 Cyber Attacks Timeline (Part I)

It is time for the second part of the March 2012 Cyber Attacks Timeline, a month that will probably be remembered for the breach occurred to Global Payments, a credit card processor, whose aftermath may potentially affect up to 10 million credit card holders belonging, among the others, to Visa and MasterCard.

On the hacktivism front, not even three weeks after the arrest of several LulzSec members, a new hacking crew has appeared whose name, LulzSecReborn, clearly reminds the infamous collective and its Days of Lulz. They entered the scene with a noticeable, albeit discussed, leak: more than 170.000 records from a military dating site.

Other remarkable hacktivism-led cyber attacks include the so called #OpFariseo, a wave of Cyber Attacks targeting websites related to the visit of the Pope in Mexico, and a new cyber attack to PBS. It is also important to notice the debut of the Anonymous in China, a debut characterized by a massive wave of defacements.

Last but not least, among the events of this month there is one which in particular deserves a mention, and is the leak which targeted Vector Inc., a Japanese computer selling firm, potentially affecting more than 260,000 users.

As usual after the jump you will find all the references.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.

Read more…

About these ads

December 2011 Cyber Attacks Timeline (Part II)

December 30, 2011 2 comments

This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.

Last but not least… This post is my very personal way to wish you a happy new infosec year.

Read more…

The Lulz Boat Sails to Brazil (And Leaks 8 Gb Of Data)

August 7, 2011 3 comments

Hard Times for Police Corps all over the world, after the U.S. Law Enforcement Agencies, today it is Brazilian’s Police turn, hacked by LulzSec Brazil, who has disclosed 8 gb of data from what they defined the Pandora’s Box…

August has just begun, but my sixth sense and half tells me this will be another hot month for Information Security…

I Shot The Sheriff..

August 6, 2011 5 comments

Oops, they did it again! After the first attack to Law Enforcement Institutions, the AnonLulzSec (that is the Antisec campaign led by Anonymous and LulzSec), inside what they defined the ShootingSheriffsSaturday, leaked again 10 Gb of Data from the same Law Enforcement Agencies, releasing over 10gb of private police emails, training files, snitch info and personal info. The attack was made in retaliation for anonymous arrests (and for the declarations stating that no critical data had been compromised during the previous hack).

As usual the attack was announced with a tweet, and the original statement is available at this link, and the leaked data include:

  • Over 300 mail accounts from 56 law enforcement domains;
  • Missouri Sheriff account dump (mosheriffs.com);
  • 7000+ usernames, passwords, home addresses, phones and SSNs;
  • Online Police Training Academy files PDFs, videos, HTML files;
  • “Report a Crime” snitch list compilation (60+ entries);
  • Plesk plaintext server passwords (ftp/ssh, email, cpanel, protected dirs);

I found particularly interesting this quote from their statement:

A recent DHS bulletin has called us “script kiddies” that lack “any capability to inflict damage to critical infrastructure” yet we continue to get in and out of any system we please, destroying and dropping dox on the mightiest of government systems that are supposed to be protecting their sick nightmare of “law and order”. GIVE UP. You are losing the cyberwar, and the attacks against the governments, militaries, and corporations of the world will continue to escalate.

The DHS bulletin was released several days ago to provide some information to sysadmin in order to correctly face the Anonymous and LulzSec attacks, but what really looks interesting is the mention to Cyberwar. Hard Times for Department of Security, really busy to face attacks in the fifth domain from external (read other countries) and internal enemies (read Antisec).

Follow

Get every new post delivered to your Inbox.

Join 2,705 other followers