UK defense ministry in possible identify theft scare
CNN is reporting that the Ministry of Defense of the UK has lost track of a portable hard drive which according to a tabloid carries information on some 100,000 British military personnel and 600,000 potential recruits.
One can only wonder whether the information on the hard drive was encrypted or not…
Biggest hacker underground market going bust; what next?
DarkMarket.ws, the online forum better known as the biggest hacker market for trading stolen online identities, credit card information, ATM skimmers, and a host of other related items - is shutting down Oct 4 according to a notice posted on the forum by one of the forum administrators, Splyntr.
The shut down plan follows arrest of one of its administrators, Cha0 (Cagatay Evyapan), by Turkish police earlier this month.
The whole story is covered in great detail this story on Wired’s Blog, Threat Level. So, what’ next after DarkMarket.ws?
Best Western Hotel group’s systems hacked
The Sunday Herald is reporting that an international gang of computer hackers has penetrated the booking system of the Best Western Hotel group and stolen the identities of an estimated 8 million hotel guests.
The report states:
A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group’s online booking system and sold details of how to access it through an underground network operated by the Russian mafia.
It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western’s 1312 continental hotels since 2007.
Update (August 27 - 11PM +4GMT) - FOX News is reporting that Best Western has denied the extend of the hacking incident claiming the report by the Sunday Herald as “grossly unsubstantiated” and “largely erroneous.”
Best Western did, however, confirm that a hacker was able to penentrate its computer network in one of the hotels in Berlin and install a trojan on one of the computers designed to steal data.
Justice for largest hacking case ever
CNN is reporting that 11 people were charged yesterday for allegedly stealing more than 40 million credit and debit card numbers. The hacking incidents relating to the accused took place at various major retail outlets in the USA over the past three years.
The defendants come from U.S.; Estonia; Belarus; China, with one individual whose country of origin still remains unknown.
From the report:
Under the indictments, three Miami, Florida, men — Albert “Segvec” Gonzalez, Christopher Scott and Damon Patrick Toey — are accused of hacking into the wireless computer networks of retailers including TJX Companies, whose stores include Marshall’s and T.J. Maxx, BJ’s Wholesale Club, OfficeMax, Barnes and Noble and Sports Authority, among others.
The three men installed “sniffer” programs designed to capture credit card numbers, passwords and account information as they moved through the retailers’ card processing networks, said Michael Sullivan, the U.S. attorney in Boston.
Emirates Skywards accounts leaked on the net
It is not unusual to come across stolen identities on the web and this one is no exception. I came across a post in an underground forum listing a bunch of Emirates Skywards accounts. I picked a random account to verify the claims and the rest is pictured below:
Figure1: Skywards/Emirates account main page
Figure 2: Saved credit card information
Figure 3: Skywards member personal information
After going through the list, I reckon the accounts were compromised as a result of brute force attacks given the relative serial order of the listed accounts, and the inadequate authentication controls available on emirates.com.
Skywards members - update your passwords now! Read the rest of this entry
