About these ads

Archive

Posts Tagged ‘Lady Gaga’

1-15 November 2012 Cyber Attacks Timeline

November 19, 2012 1 comment

The first half of November 2012 has been undoubtedly characterized by Hacktivism. Not only the month has begun with the ProjectBlackStar by the infamous Team Ghostshell (2.5 million accounts leaked belonging to different Russian sectors), but also the long-awaited November 5 has brought an unprecedented wave of Cyber Attacks against organizations all over the world, including Symantec and the UK Ministry Of Defence (more than 3,000 accounts leaked in both cases).

Moreover, after the dramatic event of the 14th of November (the killing of Ahmed Al-Jaabari, the commander of the military wing of Hamas by an Israeli missile and the consequent Operation “Pillar Of Defense”), the Anonymous have started a massive campaign of Cyber Attacks against Israel sites and in support of Palestine. This campaign is still ongoing even if it is really impossible to track all the attacks (nearly 700 defaced web sites so far), and hence, as far as possible, only a general overview is provided.

Of course these events have shadowed the other attacks, including the ones to LG (3,300 accounts leaked in two different cyber attacks) and Adobe (150,000 records allegedly compromised).

The chronicles also report of an alleged cyber attack against Telecom Italia (30,000 accounts allegedly leaked), even if there several doubts about the real authenticity of this attack.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

About these ads
Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

December 2011 Cyber Attacks Timeline (Part II)

December 30, 2011 2 comments

This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.

Last but not least… This post is my very personal way to wish you a happy new infosec year.

Read more…

July 2011 Cyber Attacks Timeline

August 2, 2011 5 comments

This awful infosec July is over, and finally we can sum up the Cyber Attacks reported during this month. I collected all the available information and inserted it inside the following chart. Where possible (that is enough information available) I tried to estimate the cost of the attacks using the indications from the Ponemon’s insitute according to which the average cost of a Data Breach is US $214 for each compromised record. The total sum (for the known attacks) is around $7.6 billion, mainly due to the “National Data Breach” of the South Korean Social Network Cyworld.

Approximately 16 attacks were directly or indirectly related to Antisec or Anonymous, they promised an hot summer and unfortunately are keeping their word…

Useful resources for compiling the (very long) chart were taken from:


1 http://www.zeropaid.com/news/94099/abhaxas-dumps-details-of-the-internal-florida-voting-database-online/
2 http://www.pcworld.com/article/235016/hackers_claim_apple_online_data_was_compromised.html
3 http://www.thehackernews.com/2011/07/fox-news-twitter-account-hacked-by.html
4 http://nakedsecurity.sophos.com/2011/07/05/sony-music-ireland-hackers/
5 http://news.cnet.com/8301-27080_3-20077268-245/sophisticated-attack-targets-two-energy-dept-labs
6 http://paulsparrows.wordpress.com/2011/07/08/dump-up-the-kids/
7 http://www.zeropaid.com/news/94250/abhaxas-hacks-floridas-voting-system-again/
8 http://www.v3.co.uk/v3-uk/news/2086749/anonymous-boasts-takedown-turkish-sites
9 http://www.theregister.co.uk/2011/07/08/patriotic_portuguese_hackers_hit_moody/
10 http://paulsparrows.wordpress.com/2011/07/09/another-fbi-contractor-hacked/5
11 http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html
12 http://www.hackersbay.in/2011/07/anonymous-shuts-down-ministry-of.html
13 http://www.kiplinger.com/securityfaq/
14 http://paulsparrows.wordpress.com/2011/07/12/another-one-bytes-the-dump/
15 http://paulsparrows.wordpress.com/2011/07/12/monsanto-hack-info-of-2500-employees-leaked/
16 http://www.thehackernews.com/2011/07/toshiba-database-hacked-and-user.html
17 http://paulsparrows.wordpress.com/2011/07/15/the-mother-of-all-breaches/
18 http://www.mirror.co.uk/celebs/news/2011/07/16/lady-gaga-website-hacked-and-fans-details-stolen-115875-23274356/
19 http://paulsparrows.wordpress.com/2011/07/19/the-lulzsec-boat-is-back-and-sails-under-the-sun/
20 http://news.cnet.com/8301-1009_3-20081405-83/anonymous-claims-to-have-breached-nato-security
21 http://www.cyberwarnews.info/2011/07/24/philippians-congress-hacked-by-bashcrew/
22 http://nakedsecurity.sophos.com/2011/07/22/anonplus-anonymouss-social-network-is-hacked/
23 http://paulsparrows.wordpress.com/2011/07/24/anonplus-hacked-again-by-syrian-group/
24 http://paulsparrows.wordpress.com/2011/07/25/italian-cyber-police-hacked/
25 http://austrianindependent.com/news/Business/2011-07-26/8537/ORF_hack_attack_worse_than_feared
26 http://www.koreaherald.com/national/Detail.jsp?newsMLId=20110728000881
27 http://paulsparrows.wordpress.com/2011/07/29/anonymous-claims-another-fbi-contractor-hacked/
28 http://paulsparrows.wordpress.com/2011/07/29/italian-anonymous-owned/
29 http://paulsparrows.wordpress.com/2011/07/31/its-a-cruel-summer/
30 http://www.thehackernews.com/2011/07/italys-police-it-network-vitrocisetit.html

And The Winner Is…

July 28, 2011 1 comment

The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community.

The awards are given out once an year. The fifth annual ceremony will take place on Aug 3rd, 2011 in Las Vegas at the BlackHat USA security conference.

In 2011 there will be nine award categories:

  • Pwnie for Best Server-Side Bug
  • Pwnie for Best Client-Side Bug
  • Pwnie for Best Privilege Escalation Bug
  • Pwnie for Most Innovative Research
  • Pwnie for Lamest Vendor Response
  • Pwnie for Best Song
  • Pwnie for Most Epic FAIL
  • Pwnie for Lifetime Achievement
  • Pwnie for Epic Ownage

Do you remember the hacking matrix I posted several days ago, emphasizing impact and innovation as two key factors in hacking? Well, it looks like the panel of the judges did recognized the value of these two factor (together with a certain amount of shallowness in case of Sony).

(Nearly) all the events drawn in the matrix, which happened in 2011 deserved a nominee for the prize, with the exception of Epsilon Data Breach, whose likely category, Most Epic Fail, has been literally monopolized by Sony with 5 nominations.

RSA deserved a nomination as well in the category “Lamest Vendor Response”, while the category Epic Ownage has been monopolized by LulzSec. Even if LulzSec has been appointed only once for “hacking everyone”, there is also a nomination for Anonymous for “hacking HBGary Federal”, probably this is a mistake since it looks clear that HBGary Federal was hacked by the Lulz Boat as well (as also ironically stressed by the LulzSec group itself).

The other two nominations for the Epic Ownage? Bradley Manning and Wikileaks (but I would also have inserted Lady Gaga since a fake Lady Gaga CD was used to perform the leak, and… most of all Stuxnet, who ranked at the top for impact an innovation in this matrix. Stuxnet is considered the first of a new generation of Cyber-weapons even if, so far, no other malware of similar sophistication has been detected (but U.S. Department of Homeland Security fears a modified Stuxnet variant could soon attack U.S. Infrastructure).

Interesting to notice, as suggested by Network World, whoever will win the Epic Ownage prize will be, in theory, a criminal for the law, consequently Law enforcement could be seriously interested to see if anyone actually shows up to this year to accept the prize for Epic Ownage at Black Hat, since all the nominees will face possible criminal charges.

At this link a complete list of the nominations.

Lady Gaga Web Site Hacked

Lady GaGa visit Sweden at Sommarkrysset, Gröna...
Image via Wikipedia

This sunny July morning begins with another resounding hacking notification.

This time is Lady Gaga’s turn, whose U.K. Web Site, according to Daily Mirror, has been hacked and thousands of her fans’ personal details consequently stolen during the attack and made public.

The attack has been performed by the Hacker Group Swagsec, on June 27, but was made public only this week. The reasons are probably related to the claims according to which she uses the gay community to sell records.

An anonymous source said: “She’s upset and hopes police get to the bottom of how this was allowed to happen.”
 

Universal said yesterday:

“The hackers took a content database dump from http://www.ladygaga.co.uk and a section of email, first name and last name records were accessed. There were no passwords or financial information taken.

“We take this very seriously and have put in place additional measures to protect personally identifiable information. All those affected have been advised.”

SwagSec have also targeted other Universal artists recently including Amy Winehouse and Justin Bieber.

In an unrelated incident, an 18-year-old German hacker who leaked tracks by Gaga in 2009 was recently jailed for 18 months.

I must confess that these vacations are proving to be very interesting from my information security professional perspective. In the last weeks. each night I go to sleep wondering what further data breach will be notified the morning after… (un)luckily my expectations have almost never been unattended…

Follow

Get every new post delivered to your Inbox.

Join 3,042 other followers