According to the Associated Press, the military issued a shutdown of the wireless network at the Guantanamo Bay Naval Base, also blocking access to social media websites, including Twitter and Facebook, via the base’s computers. No cyberattacks have happened thus far; the shutdown was initiated merely as a precaution due to the posted threats.

The threats were made on May 6 via Anon Insiders, where Anonymous published a press release regarding “Operation Guantanamo.” According to the statement, May 18 represented the 100th day the prisoners had been on the hunger strike, the same time the hackers’ 3-day operation would take place. The public was called to initiate “twitterstorms, email bombs, and fax bombs” nonstop to show their support.

The press release also included numbers to the White House, U.S. Southern Command, and Department of Defense, urging the public to call the numbers and demand a change in conditions and eradication of the force-feedings, as well as demands that the Obama Administration close Guantanamo, as was the original plan. People were also asked to call their representatives and senators to petition for its closure.

It is worth noting the press release doesn’t say anything about hacking or cyberattacking the network, instead urging the public to bombard the powers that be with denouncements of the prison’s conditions, actions, and continued existence. As such, it has been pointed out on the Operation Guantanamo’s Twitter account that the base has taken itself offline, with the hacking collective not having to do anything, seemingly fulfilling the purpose it was assumed Anonymous sought to achieve.

There’s no word on when the network will be available again.

SOURCE: Associated Press

The Syrian Electronic Army has attacked a variety of media companies, including CBS, The Guardian, E! Online, and even The Onion. Often times, the hackers take control of the company’s Twitter account(s) and use it/them to post messages, some of them coming across as nonsense, others as fake news (such as Justin Bieber coming out of the closet), and sometimes things of a more serious nature, such as the link to a video execution on YouTube posted on one of the Financial Times’ Twitter accounts.

The Financial Times confirmed the hacks to The New York Times in an email, according to the latter company. While the company didn’t specify how the hackers gained access to their system, there’s a good chance it was accomplished the same way its other breaches have been achieved, which was detailed by The Onion earlier this month.

According to a blog post published on May 10, The Onion’s attack was the result of a rather conventional phishing scheme that involved sending links to a few of the company’s employees. The links purported to be of an interesting story, but instead took the recipient to a page requesting Google Apps login information. When someone falls for the ruse, their email is then used to try to message other workers for additional login information.

When someone in possession of the company’s social media accounts takes the bait, the hackers can then log into the account, change the password, and begin wrecking havoc. A similar attack was performed on The Associated Press, with one of the hackers revealing that 50 of the company’s employees had revealed their login information. Such attacks reaffirm that companies should train their employees on how to recognize phishing attempts, as well as taking measures to reduce the amount of damage that can result if someone does provide their credentials.

SOURCE: The New York Times

Last month, 20-year-old Jake Davis, 26-year-old Ryan Ackroyd, and 18-year-old Mustafa al-Bassam plead guilty to charges of cyberattacking the NHS, News International, and Sony. On top of those, Ackroyd in particular also plead guilty to plotting attacks on other websites in addition to a computer hacking charge. Al-Bassam and Davis, in addition to the aforementioned, plead guilty to conspiring to attack various law enforcement agencies in both the US and UK.

While those three plead guilty last month, 21-year-old Ryan Cleary, who was also sentenced today, had already plead guilty in his own legal spat, which consisted of six various related charges. The guilty pleas were entered about two years after the attacks for which they were sentenced took place. Out of the four, Ackroyd had been the only to initially maintain his innocence.

Now that the sentencing is complete, we see that Cleary was given a 32-month prison sentence, Ackroyd a 30-month sentence, and Davis a 24-month sentence. Al-Bassam was the only one to side-step a prison sentence, instead receiving a 20-month suspended sentence because – though now an adult – he was only 16-years-old when he committed the cyberattacks, making him a minor. Instead, he will perform 300 hours of community service.

Crown Prosecution Service lawyer Andrew Hadik said: “The harm they caused was foreseeable, extensive and intended. Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people’s lives. This case should serve as a warning to other cybercriminals that they are not invincible.”

SOURCE: BBC News

Bhalla is the CEO of security company Security Compass, which specializes in breaking into the security sytems of organizations and companies, exposing any vulnerabilities and issues that compromise data – or, in this case, allow someone to run off with millions of dollars. A bank located in the United States – name not provided – hired Bhalla’s company to test its system.

As we noted, the system wasn’t secure, and as a result Bhalla set himself up a checking account and funded it with $14 million that didn’t exist – money generated on the fly, so to speak. He then went over to the ATM machine and grabbed a receipt, which you can see an image of above, confirming that he was now – temporarily, at least – a multi-millionaire. Needless to say, such a massive infiltration “shocked” the bank, and it closed down his account before sprucing up its network security.

Not stopping there, he spoke to the folks over at CNN, detailing how the process of acquiring the funds went, and, in doing so, demonstrated how other stores, banks, and organizations could potentially suffer at the hands of the technically-inclined unscrupulous. The first step, as you likely guessed, was gaining access to the bank’s network, which Bhalla says it is simple to do by latching on to its wireless network – something many banks provide for its customers to use as a courtesy.

From there, it was only a matter of using freely available sniffer software to map the bank’s computer network, followed by flooding the network’s switches to gather data. He found log-in information for a teller’s computer, which didn’t use encryption when sending data to the bank’s main database. As such, Bhalla had free reign, and used it to create a bank account with $14 million in funds, something that would likely go undetected until well after he transferred the funds overseas and left the country.

Such a revelation comes only days after eight individuals were charged with swiping $45 million from ATM machines.

SOURCE: CNN Money

Last month, the Syrian Electronic Army claimed credit for a few different compromised accounts. On April 21, the organization said it was responsible for the hacking of several CBS Twitter accounts, and a week later it went after The Guardian’s Twitter accounts, sending out tweets in its own favor. It didn’t take long for another compromised account to surface, this time being E! Online’s Twitter account, where the hackers spread false information about singer Justin Bieber before proclaiming in another tweet that fans had been trolled.

Its latest target was The Onion, which was digitally infiltrated this past Monday by the SEA, something that was originally suspected to be a joke given the nature of the company. That notion was laid to rest on Wednesday when The Onion posted a series of screenshots and URLs detailing precisely how the organization compromised its Twitter account, revealing that the hack – as with previous ones – had been accomplished via a few different phishing methods.

The attack was initiated via emails sent to The Onion employees containing a link that, with a quick glance, appeared to be from The Washington Post on content about The Onion. When clicked, however, the link took the recipient to the URL “hackwordpresssite.com/theonion.php,” which then redirected again to one requesting Google App login information, after which point it took the victim full circle back to Gmail. Only a few employees received the emails, and at least one was fooled by it, resulting in the second phase of the attack.

Using the employee’s compromised email, the SEA sent messages to other The Onion employees early in the morning containing another link that again requested Google login information. Of those targeted, one of the individuals who fell for it had the login information for The Onion’s social media accounts, including Twitter.

The Onion notified employees of the breech and sent emails instructing workers to reset their passwords, unaware that one of their accounts was still compromised. Via that account, the SEA sent an email to all but those involved in the IT department with a link said to be a password-reset URL. A couple people fell for the second link, with both of their accounts then being used by the hackers to take control of The Onion’s Twitter account. Because of this, the company required all Google Apps passwords to be reset company wide, but not before posting a humorous jab at the SEA.

In summary, The Onion advises other media companies to avoid such attacks by taking such steps as employee education on phishing, isolating social media account logins, feeding tweets through a third-party application, and having access to all employees outside of corporate email accounts.

SOURCE: The Onion

The OpUSA cyberattack was set to take place on May 7, which has come and gone for most of those in the US, and thus far no reports have surfaced regarding cyberattacks against the intended targets, among which was the Pentagon, NSA, FBI, the White House’s website, Capital One, Bank of America, and many more banks. A YouTube video was also specified as a target.

YouTube hosted a video titled “Innocence of Muslims,” which Islamist hacking collective Izz al-Din Qassam Cyber Fighters would remove from the website, said Anonymous. Several other Islamic hacking collectives were also specified in the cyberattack’s announcement. For all the grand talk, however, little came of it and websites were by-and-large unaffected.

The Department of Homeland Security issued a statement earlier this week akin to an amused pat on the head, stating that the attack, at the most, would temporarily disrupt websites and nothing else. According to Mashable, the Honolulu Police Department and one hundred or so obscure small businesses had their websites hacked. That took place on May 6, however, and may have been unrelated.

[via Mashable]

The fake tweets resulted in a huge wave of responses from Justin Bieber’s followers. Many were shocked, many were “not surprised”, and many were indifferent. Hacking E! Online is a strange change of pace for the Syrian Electronic Army, who normally goes after news publications and human rights organizations. But its attack was foreshadowed with a recent tweet dated May 1st that said, “The next target will be different…”

E! Online is the latest victim in the Syrian Electronic Army’s attacks, but it most certainly isn’t the last. Twitter knows that as well, and has informed everyone to make sure their password is complicated and secure, and that news publications keep their passwords out of their emails. Twitter recently went to battle with the SEA by deleting their Twitter accounts, but seeing as Official_SEA12 is still up, Twitter probably assumed their attempts were futile.

Twitter is also in the process of developing a two-factor authentication system that should dramatically reduce the amount of account hacks, but the company has yet to reveal a launch date for the service. The SEA has already targeted many other accounts, such as several of CBS’s accounts, BBC’s accounts, NPR’s accounts, The Guardian’s accounts, and many more. It won’t be too long now before another group is added onto the list.

[via Business Insider]

As a result of the breach, LivingSocial has begun resetting users’ passwords, and is also sending off emails to customers advising them of the situation, with the exception of users located in South Korea, Thailand, the Philippines, and Indonesia because those systems weren’t harmed. Fortunately, while the hackers got some information, the passwords were encrypted.

Users will need to create a new password now that their current one has been reset. Said LivingSocial in a memo to its employees: “We recently experienced a cyberattack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.”

Although the passwords were encrypted, the possibility exists that they could be cracked, and because of this LivingSocial is encouraging its users to create new passwords on their other online accounts, such as banking, social networking, and email accounts, that use the same password or one close to it. In addition, LivingSocial is also advising users that any emails they may receive requesting password information is a phishing attempt and should be deleted.

[via New York]

The fake tweet was noticed by the AP fairly quickly, and several of their other Twitter accounts tweeted out that the hacked AP tweet was indeed bogus. However, many people were quick to shoot down the claim anyway, since the tweet wasn’t in AP style formatting in the first place, and no other mainstream news outlets were reporting on it.

The AP always puts “breaking” in all caps in their tweets, and they also use a service called SocialFlow to publish their tweets, whereas the fake tweet was sent out through the “web,” meaning it was sent through Twitter’s website rather than a third-party service like SocialFlow. Plus, the tweet was in title case, which the AP and other news sources never use.

In the end, it took only three minutes for the fake tweet to be officially denied by the AP, with the account being suspended just four minutes later. This is quite a fast response, but we shouldn’t expect nothing less of a news source like the AP, who is constantly keeping an eye on their social media feeds.

[via The Next Web]

At this point, the Syrian Electronic Army is up to their 6th alternative account, which has yet to be banned. However, the SEA didn’t stop just there. With their current Twitter account, they tweeted an image of a data dump that contained personal information belonging to Joseph “Sepp” Blatter, the President of FIFA, the international governing body of football. Blatter’s email address, phone number and fax number were all leaked.

Not only did they leak his personal information, the SEA made claims that it was the group that had hacked into Blatter and the FIFA World Cup’s Twitter accounts. On those accounts, the group released tweets saying that Blatter conspired with Qatar against the Syrian football team. Other tweets said that Blatter took bribes, and that he was going to step down from his position due to corruption charges.

A few days ago, the SEA hacked into several of CBS’s Twitter accounts, including its accounts for 60 Minutes, 48 Hours, and CBSDenver. The hackers tweeted things associated with President Obama and the U.S. being in bed with Al-Qaeda. The group is also responsible for hacking 3 of BBC’s Twitter accounts, NPR’s Twitter accounts, the website/Twitter account belonging to the Human Rights Watch and more. Many security officials have asked Twitter to implement a two-factor authentication system into its service to keep hackers like the SEA at bay.

[via Information Week]

A data breach is self-explanatory, meaning that information of some sort has been compromised, whether it is employee data or a roster of login information. A security incident, however, is something related that doesn’t quite achieve the “breach” threshold, such as a DDOS attack. According to the breakdown, no one was spared from the cyberattcks, with all sorts of businesses and organizations falling victim.

Small, medium, and large businesses, law enforcement agencies, media companies, financial institutions, commercial websites, organizations, and more all suffered from various security breaches and incidents last year. Out of them, it is said that 76-percent were the result of either stolen or weak usernames/passwords, with the the data being harvested using means ranging from skimmers to malware.

According to the New York Times, Wade Baker, a principal author of the Verizon report, said: “The results validate that any business that operates online is at potential risk of suffering a data breach … the report shows that no matter the size of the organization — large, small, government agencies, banks, restaurants, retailers — people are stealing data from a range of different organizations and it’s a problem everyone has to deal with.”

[via New York Times]

The final written warning was issued back on October 25th, 2012. It was issued to Keys because he created a parody Twitter account named @PendingLarry. It was used to mock Larry Page, CEO of Google. The warning goes on to say that creating the fake account that did not identify Keys as the author violated Reuter’s Social Media Policy. It also stated that his actions “displayed a serious lapse of judgment and professionalism that is unbecoming of a Reuters journalist.” The following sentences may be the reason as to why Keys was terminated,

“For these reasons, we are issuing this final written warning. We must see immediate improvement in your communications with managers and more discretion in your social media practices.”

Keys, who was Reuter’s Deputy Social Media Editor, recently came under fire a few days ago after he was criticized for tweeting misinformation from police scanners. His first tweet stated, “Dispatch: First Boston bomb suspect is Mike Mulugeta,” and his second tweet stated, “Dispatcher: Suspect 2 is missing Brown University student Sunil Tripathi.” Keys defended his position in a Facebook post, stating he was unaware that the police asked people not to publish information from police scanners, and that other social journalists were doing the same thing as he was.

Keys told Politico that his termination from Reuters “wasn’t unexpected”, and that his independent coverage of the Boston bombings was one of the reasons why he was fired. Keys also told Politico that Reuters had a “specific set of reasons for the termination” which he and the union agree “is incorrect and doesn’t hold any water.” He states that Reuters may have just been “looking for an out” and jumped at the opportunity to fire him.

[via Politico]

LulzSec is a branch from the more popularly-known Anonymous hacker collective, and has claimed to have initiated quite a few high-profile cyberattacks against private and government websites alike. One such attack was against Sony, who’s website Kretsinger claims to have accessed, gathering information and spreading it to two other LulzSec hackers.

That information was then made public on the group’s Twitter account and on its website, resulting in what prosecutors say was in excess of $600,000 worth of damage to the corporation. Additional members of the hacking group are slated for sentencing, having plead guilty to various related charges earlier this month and back in the summer of 2012.

On April 9, LulzSec members Jake Davis, Mustafa al-Bassam, and Ryan Ackroyd all plead guilty in London to cyberattacks against Sony, in addition to other entities, such as the NHS and News International. Ackroyd, in particular, plead guilty to also plotting cyberattacks against many other websites, among them being 20th Century Fox. Davis and al-Bassam plead guilty to conspiracy to attack law enforcement agencies in both the UK and US. They will be sentenced on May 14.

[via Reuters]

It turns out that two important aviation systems — the Automated Dependent Surveillance-Broadcast (ADS-B) and the Aircraft Communications Addressing and Reporting System (ACARS) — are completely unencrypted and unauthenticated, allowing anyone with the right tools and a little know-how to access the system remotely without too much trouble.

Teso simply hit up eBay for “actual flight code software” that’s normally used for training pilots, as well as nabbing a radio transmitter. During the demonstration, Teso audited real aircraft code by searching for vulnerabilities on a fleet of virtual aircrafts (using real airplanes in this case would obviously be unethical and quite illegal. Along with an Android app called PlaneSploit (which won’t be hitting the Google Play store), Teso was able to control the steering of a Boeing jet, as long as the plane was in autopilot mode.

Teso has been working in the IT industry for 11 years now, and before that he was a trained and licensed commercial pilot for 12 years. His 23 years of combined experienced with the two professions has led him to teach the public about the state of the security of aviation computer systems and communication protocols, which are actually not that secure, as Teso demonstrated.

[via Help Net Security]

A couple of security experts have stated that cyber attacks, like the one on Spamhaus, are a sign of many similar attacks that will show up in the future. Kaspersky has stated that the attack is the largest DDoS attack to date. It stated that the scale of the attack was speculated to be operating at speeds of 300Gbps. It also states that attacks like these will be occurring more in the future due to the “development of the Internet itself” as well as two major motives. The first motive being “monterary profit”, where cyber criminals use DDoS attacks to disrupt a corporation’s services in order to extort money from them. The second motive revolves around cyber criminals launching DDoS attacks against companies to satisfy their own personal agendas.

Joakim Sundberg, part of F5 Networks, stated that he expected to see an attack like the one on Spamhaus for some time now. He called the attack “domain name service reflection”. He states that DNS Reflection attacks will start becoming more mainstream in DDoS attacks in the future, especially as more cyber criminals and hacktivists need to come up with more new, and better ways to launch their attacks.

Sundberg also states that while the Spamhaus attack may be the largest DDoS attack right now, it’s “just one among many that we will see throughout 2013.” He says that a DDoS attack is “just a smoke screen for a more sophisticated attack that can potentially cost the company even more money.” Whatever the attack may be, Spamhaus is confident that they will be able to withstand it. The group says, “We can’t be brought down. Spamhaus has more than 80 servers around the world. We’ve built the biggest DNS server around.” Whatever is going on between the two companies, it’ll just end up hurting innocent consumers in the end.

[via The Telegraph]

What we’ve got going on here is a battle on several tiers. The first is the blocking of Cyberbunker by the powers that be – with Spamhaus, that is. The second is the retaliation that a variety of hacker groups are taking on Cyberbunker as well as a collection of other sites for having blocked Cyberbunker in the first place. Cyberbunker is being accused of hosting SPAM websites and sources that Spamhaus has dedicated themselves to kicking out of the web.

Spamhaus is a non-profit group that helps email providers filter unwanted content from users across the web. They do this with a collection of block lists of known Spammers and malicious organizations. Spamhaus recently blocked servers maintained by Cyberbunker and said that the business was working in cooperation with “criminal gangs” of the Eastern Europe and Russian variety in their retaliation for the blocks.

Cyberbunker is known for being a server of all manner of web content, with only a couple of choice exceptions. Spam is not one of them. Speaking with the BBC this week, Steve Linford, chief executive for Spamhaus, noted that the retaliatory attacks happening now have been unheard of in scale.

“We’ve been under this cyber-attack for well over a week. But we’re up – they haven’t been able to knock us down. Our engineers are doing an immense job in keeping it up – this sort of attack would take down pretty much anything else. If you aimed this at Downing Street they would be down instantly. They would be completely off the internet.” – Linford

Speaking about the effect this attack has been having on the rest of the web, Prof Alan Woodward also let the BBC know that the internet was, indeed, slowing down as a result. Woodward is a cybersecurity expert at the University of Surrey.

“If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps. With this attack, there’s so much traffic it’s clogging up the motorway itself.” – Woodward

According to Spamhaus’ Linford, Google and a variety of other helpful companies with the capacity to assist have been making their resources available in an effort to “absorb” the traffic this event is generating. Linford has also added that they’re quite confident that they’ll prevail eventually.

“They are targeting every part of the internet infrastructure that they feel can be brought down. We can’t be brought down. Spamhaus has more than 80 servers around the world. We’ve built the biggest DNS server around.” – Linford

Sound like a fun battle to you? We’ll be following this story with a close eye as it continues to affect us all. Let us know if you’ve felt the impact yourself – or if you think it’s all bullocks, instead insisting that your internet is just slower than everyone else!

Instead of ranting about overt political motivations or other such common tweets that appear on hacked accounts, the Syrian Electronic Army posted fake weather snippets for various Middle Eastern locations, some with their own between-the-lines statement, while others were just altogether odd, such as the tweet: “Saudi weather station down due to head-on collision with camel.”

Other tweets read: “Chaotic weather forecast for Lebanon as the government decides to distance itself from the Milky Way.” and “Tsunami alert for Haifa: Residents are advised to return to Poland.” According to the BBC, this same group, which shortens its name to SEA, has in the past proclaimed support across digital mediums for the Syrian President Bashar al Assad.

In the announcement, the media company stated that a phishing email had been sent to some BBC email addresses. The email contained a link that would help the responsible party gain “password details,” but the email has not been tied to the attack at this time. The BBC issued an apology to its Twitter followers, saying that it “strongly condemns” such actions.

[via BBC]
Image via Sophos

Said Microsoft to ars technica: “We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees. We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use.”

In addition, Team Hype is said to use stolen Social Security numbers and credit information to take over Xbox LIVE accounts, according to Krebs, who has also linked one of the hackers with ordering DoS attacks on both his own and ars technica’s websites. The hackers made public videos of them holding account hijacking sessions, with some of those hijacked accounts then being sold to LIVE users.

Earlier today, Microsoft also confirmed that Xbox LIVE users who had used the Xbox Entertainment Award app were compromised, with the Entertainment website having displayed approximately 3,000 instances of gamertags and private information, such as addresses and names. As a result, Microsoft has temporarily pulled the app while it sorts out the issue, directing concerned customers to its Xbox Security Web page.

[via ars technica]

Auernheimer was found guilty back in November in a federal court in New Jersey. He was found guilty on one count of identity fraud and one count of conspiracy to access a computer without authorization. Auernheimer and a colleague worked together to exploit the security flaw, both of whom will be punished and will be ordered to pay AT&T a collective $73,000 for damages.

The case has been a controversial one, and this is just one out of many highly-criticized cases of security researchers who have been charged with computer crimes thanks to the Computer Fraud and Abuse Act. Meanwhile, activists are calling for reform of the law to distinct between criminal hacking and simple unauthorized access, which would protect security researchers whose activities are not meant to be criminal.

Obviously, Auernheimer will appeal the court’s decision, but apparently he doesn’t regret his actions regarding the AT&T security flaw, and says (in a Reddit AmA) that he was just “being nice enough to give AT&T a chance to patch” the vulnerability before the data set got leaked, but that he “won’t be as nice next time.”

[via Ars Technica]

The information was provided by Keys in an unnamed Internet forum, where he posted the information for Anonymous and added a qualifier to “go [expletive] some [expletive] up.” We’ll let you fill in the blanks. One of the hackers then proceeded to use the login information about a week later, accessing the media company’s website.

A news story on the Times website about Representative Steny Hoyer was altered in an unspecified manner. According to a post by the hacker on the forum with which he was associated with Keys, the altered information was live on the media company’s website for about 30 minutes. Keys responded with “nice,” according to the complaint.

Keys, who has been charged with three felonies related to information transfer, worked for the Tribune until he was fired, at which point he took up his current job with Reuters as deputy socia media editor a little over a year ago. Keys faces up to 10 years in prison, a $250,000, and three years of supervised release per felony.

[via Wall Street Journal]

It all seems like the blame game so far, but hopefully things will come to an end soon. China’s Foreign Ministry spokeswoman, Hua Chuying, said that China is willing to discuss the issues and cooperate with the international community “on the basis of the principles of mutual respect and mutual trust.” She stated that cyber security is a big issue and that China is one of the biggest victims of the attacks.

This statement comes one day after Tom Donilo, the national security adviser to President Obama, gave the Chinese government 3 courses of actions to follow in order to end the cyber attacks. He told China to give public recognition of the issue, give their assurance that the Chinese hackers would be targeted and dealt with, and give their consent to taking part of forming worldwide cyberspace standards.

Senior officers of the People’s Liberation Army were outraged by the United States’s accusations and demands. Major General Liu Lianhua from the Guangzhou Military District stated, “This talk from the U.S. has no foundation whatsoever. And what evidence is there? There isn’t any!” Another deputy from the Nanjing Military District called the United States a “thief calling others a thief.” Mandiant, a U.S security firm, provided a 60-page report indicating that a majority of the cyber attacks came from China, a report that China dismissed because they believe the IP addresses were spoofed to place the blame on them.

[via Reuters]

The demand came from Tom Donilon, national security adviser to the president. He outlined three courses of actions the United States government would like the Chinese government to follow, which are as follows: public recognition of the issue, assurance that Chinese hackers will be targeted and dealt with proactively, and consent to being part of talks on forming worldwide cyberspace standards.

Said Donilon: “Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale. The international community cannot tolerate such activity from any country.”

Not surprisingly, China denied the claims, stating that they were fabricated to make the nation look bad. Yesterday, the nation called for global “rules and cooperation” in regards to hacking, claiming that it likewise has suffered cyberattacks, with its attackers being traced back to the United States. Said the nation’s foreign minister Yang Jiechi, “[The] international community is closely interconnected on the Internet, therefore cyberspace needs rules and cooperation, not war.”

[via New York Times]

The Chinese government has issued a call for international “rules and cooperation” on the recent hacking issues. China has stated that they have been the target of several internet hacks as well, and that it’s not just the United States who are the victims. They stated that by tracing the cyber attacks, they discovered that the hackers were located in the United States. This could just be a case of finger pointing, or the attacks may be a case of retaliation.

A United States security firm, Madiant, issued a 60+ page report that provides evidence that there is a link between the cyber attacks on U.S. businesses, the Chinese hacking groups, and also the Chinese government. The cyber attacks originated at the HQ for the People’s Liberation Army Unit 61398 in China. China has stated that those accusations were false and that the IP addresses could have been easily spoofed in order to plant the blame on them.

Yang Jiechi, China’s Foreign Minister, stated that the “international community is closely interconnected on the Internet, therefore cyberspace needs rules and cooperation, not war.” He says that he hopes the accusations against China would stop because they will “not be able to blacken the name of others nor whitewash themselves.” However, it’s hard to refute the report from Mandiant, that shows that around 141 companies had their data stolen by the People Liberation Army, and 115 of those companies were from the United States.

[via New York Times]

Security firm FireEye has detected the vulnerability, and they have “observed successful exploitation” against browsers that are running Java 1.6 update 41 and Java 1.7 update 15. These are the two most recently released versions of Java 6 and Java 7. The vulnerability allows the install of a remote-access trojan called McRat.

However, the attack is only triggered when people with an infected version of the Java browser plugin visit a website that has been infested with the malicious code. Plus, FireEye says that the exploit “is not very reliable,” since it just simply tries to overwrite a large chunk of memory. In other words, hackers can succeed in downloading malicious code onto victims’ computers, but most of the time it fails to actually execute.

FireEye suggest disabling Java until a patch has been applied, or if you don’t use Java, you can simply uninstall the plugin altogether. Last month, Apple employees were targeted by a Java zero-day exploit, and while a handful of company computers were breached into, the company says no personal data was stolen. The same goes for Facebook, which experienced the exploit a few days before.

[via Information Week]

According to Anonymous, it considered this information to be newsworthy for several reasons, including the insecure way it is stored and the rather disconcerting fact that it contains information about “hundred [sic] of thousands” of both employees and executives of many corporations globally, with that information including data about the individuals’ salaries. The data on individuals was named “Bloomberg” and tagged as “reuterscompanycontent,” and comprised a total of 4.8 gigabytes.

The point about the data being stored insecurely is underscored not just by the fact that the hackers accessed it, but also by how they did it – without hacking. The amassed data is reportedly stored in Tel Aviv, where ClearForest is based, on an open server that is misconfigured, meaning that just about anyone can get it with a little bit of elbow grease.

Says the hackers, the information gathered is of a poorly researched nature, meaning that portions of it may not even be correct. The information being gathered is coming from IRC channels, social media, forums, and other such Internet locations, and has a focus on targeting activist movements and Anonymous. The spying utilizes an apparent keyword list with in excess of 10,000 entries used to find content on Twitter, IRC, and other Internet locations. Most of the entries are Wikipedia references, with 1,125 believed to be actual, relevant keywords.

Says Anonymous, it has released the data it found to raise awareness and make a point.

[via Paranoia]

Previously, Top Gear star Jeremy Clarkson was hacked on Monday by what appears to be the same hackers as today. Burger King and Jeep were also hacked earlier this week, making today’s Fisker hack the third automotive-related Twitter hack this week. We’re not sure what exactly is going on, but there’s a Twitter hacking spree going around, that’s for sure.

Fisker’s Twitter page has been brought back to normal, with the company addressing the hack, saying that “the fans and followers of Fiskerauto don’t need to lose weight” in a recent tweet. Today’s hack doesn’t appear to be linked to Burger King’s or Jeep’s hack, though, which saw both Twitter pages with changes to the branding.

Twitter has addressed its hacking problem in the past, and they’ve been sending out friendly reminders to its users to change their password every once in a while to avoid being hacked. However, there’s only so much they can do really. Sure, they could hire a work force of security engineers, but it seems hackers will always figure out a way in.

[via Jalopnik]

Many of the tweets are also similar to what we saw yesterday, mainly dealing with the superiority of Cadillac over Jeep, mixed in with some incoherent language and hashtags. The background was also changed to a McDonald’s-laden blinged-out car, pretty much confirming that it’s the same hacking group that we saw yesterday, due to the McDonald’s reference.

If it is the same group, then the Defonic Team Screen Name Club are the ones behind today’s Twitter hack. The group is best known for hacking into Paris Hilton’s phone a while back. Of course, Jeep is gaining hundreds of new followers by the minute, similar to how Burger King’s following grew by 30,000 users in about an hour’s time.

Jeep’s Twitter account hasn’t been suspended, unlike Burger King’s account, and it seems things are back to normal. Jeep’s head of brand communications Todd Goyer says that the company is “aware of the issue and are working to resolve it as quickly as possible.” Most of the branding is back to normal and all of the irrelevant tweets have been deleted.

Apple has confirmed the news to Reuters and say that they’re currently working with authorities to investigate the attacks, but luckily the Cupertino-based company says that “there was no evidence that any data left Apple.” Apple also plans to release a tool later today that will protect Mac users against the software used in the attacks.

UPDATE: Apple has released a new version of Java meant to plug up the vulnerability. It’s available now on Apple’s support page or through the Software Update tool on OS X.

However, the exploit was said to be spread from a website for software developers, so it seems regular consumers are okay at this point. Apple ended up identifying a small number of systems that were infected, but isolated them immediately to prevent further spreading of the bug. Since newer Macs ship without Java installed, most users shouldn’t worry, but the removal tool should provide a sense of ease anyway,

Similar attacks also targeted The Wall Street Journal, The New York Times, and Twitter just recently. All companies affected said that no critical information was stolen, but of course, that didn’t make the situation much better. Twitter says that 250,000 accounts were hacked, resulting in conscience users to change their passwords right away.

According to the New York Times, American security firm Mandiant will be releasing a 60-page report detailing a link between the Chinese hacking groups and the Chinese government. In particular, the attacks are believed to originate from an office building near Shanghai, the functioning HQ for the People’s Liberation Army Unit 61398.

The Chinese government still adamantly denies the allegations, but Mandiant’s founder Kevin Mandia puts it into perspective. “Either they are coming from inside Unit 61398, or the people who run the most controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

According to a source who spoke with the Times, multiple security agencies and all intelligence agencies within in the United States believe that the Chinese hacking groups from which these attacks originate are either working as contractors for Unit 61398, or are being run by the military. Although evidence shows that one of the hacking groups in question – Command Crew – was not responsible for attacking the Times, it does show several other targets that have been affected, including such big names as Coca-Cola, as well as more important targets, such as the infrastructure that controls our electricity, water, and gas.

Burger King’s Twitter account, which has almost 90,000 followers, was made to look like McDonald’s own Twitter feed, with a McDonald’s logo and all. The only difference was that the username remained unchanged. Many of the tweets beared the hashtag “#DFNCTSC”, which seem to suggest that the hackers behind this comical trick are a part of the Defonic Team Screen Name Club, who are best known for hacking into Paris Hilton’s phone.

The hackers continued to tweet for 30 minutes before the account was finally suspended for the time being. Tweets were filled with text, photos, and videos that made fun of Burger King and its employees, including a couple of tweets mentioning employees doing drugs in the bathroom. The rest of the tweets were pretty random and some didn’t really make sense.

Twitter has recently been a huge target for hackers, with over 250,000 passwords leaked from a hacker who broke into the service’s servers. This also isn’t the first time that verified accounts, and popular Twitter users have been targeted. Major League Baseball was recently hacked, as well as the New York Yankees account, which made fun of Derek Jeter.

UPDATE: We’ve received some stats about the hacking from Unmetric regarding the Twitter account. The number of followers that the account gained jumped from 83,000 to 110,000 within 60 minutes, and the hackers sent a total of 55 tweets before the account was eventually suspended, 33 of which were either replies or retweets. McDonald’s also chimed in on the Burger King hack, assuring users that they had nothing to do with the fiasco.

[via ABC News]

In several counties in Montana, KRTV says that the hackers broadcasted an emergency alert message that informed viewers that “dead bodies are rising from their graves,” and that the bodies were “attacking the living,” warning people not to “approach or apprehend these bodies as they are extremely dangerous.”

While the hackers used an alert system normally meant for weather emergencies, the network The network assures viewers that there actually isn’t any such emergency, and its engineers are investigating the situation to see what happened. Apparently, the message sparked four calls to local police to see if the zombie apocalypse was real.

It’s certainly an interesting way to hack into a news station, and from what we’ve been hearing about recently with Anonymous and other takedown hacker groups, it’s nice to take a break from that and have a laugh over what seems to be a completely-harmless hack, although we’re sure that KRTV officials and engineers will be working overtime to make their system more secure for the future.

[via FOX]

While the bank said that the breach didn’t “affect critical operations”, the news definitely doesn’t make the situation any less worrisome. The bank didn’t specifically mention any details, but a spokesperson said that the hacker group got in “by exploiting a temporary vulnerability in a website vendor product…exposure was fixed shortly after discovery and is no longer an issue.”

The hackers accessed the St. Louis Fed Emergency Communications System database, which was put in place in 2008, and is used by banking agencies to communicate during an emergency. In total, the system is used by 17 states in the US, with several more to utilize the system sometime this year.

Of course, some are saying that the Federal Reserve is downplaying the severity of the hack on its systems. Sensitive data on more than 4,000 banking officials was compromised, and while the organizations try to minimize the damage of the hack, security experts say that the damage that was already done is bad news and poses serious risks.

[via ZDNet]

According to letter, the attacks resulted in the “unauthorized disclosure of employee and contractor Personally Identifiable Information.” No information was provided about who is responsible for the hacks, however. The agency is actively, along with law enforcement, investigating the attack, and looking into what other information may have been compromised.

Although the information was provided in the form of a letter to employees, the agency has not stated anything official publicly. Spokespersons for the Department of Energy declined commenting on the issues. The agency was required by law to disclose when sensitive personal information has been compromised; according to the letter, no classified information was jeopardized.

This follows the disclosure of hacking attacks by several other companies and agencies. On Friday, we reported that Twitter had discovered a live hacking attempt, and that 250,000 accounts had been compromised. Meanwhile, the New York Times, Washington Post, and Wall Street Journal have all reported that they have undergone attacks by hackers in China.

[via Reuters]

According to the sources, the attacks only began targeting the newsroom in 2012, during which time it was discovered that the computers were connecting to Chinese web servers. Beyond that, information about the matter is pretty scarce, since the Post did not make any official statements on the alleged attacks. One spokesperson stated that the company doesn’t “have anything to share at this time.”

American media companies are reported to have been under attack from China since 2008, a move on the aforementioned nation’s part to keep an eye on coverage about the nation and its various happenings. Investigations by security agencies and companies have revealed that many journalists and news employees have had files, emails, and contacts nabbed by the hackers.

The journalists who have been targeted all seem to have something in common – some type of coverage or work pertaining to China, whether its a political investigation or opinion piece. When asked about the issue, secretary of state Hillary Clinton stated, “We have seen over the last years an increase in not only the hacking attempts on government institutions but also nongovernmental ones … [the Chinese] are not the only people who are hacking us.”

According to the Wall Street Journal, its computer system had been hacked by China, but it did not specify how, when, or to what degree. Instead, it simply stated that the hacks were an attempt on China’s part to monitor how the Journal reported on the country. A spokeswoman said that nothing indicated customer information was messed with, or that the hacking was done for financial reasons.

Says Journal spokesperson Paula Keve in a statement: “We continue to work closely with the authorities and outside security specialists, taking extensive measures to protect our customers, employees, journalists and sources. We fully intend to continue the aggressive and independent journalism for which we are known.”

In response to the attacks, the Wall Street Journal has performed a complete change to its network designed to increase security and keep the hackers out. The newspaper is likewise working with security experts to help maintain the safety of its network. Many other news outlets have also been the target of China’s attacks, something the FBI views as a national security issue, and that it has been looking in to for over a year.

[via Wall Street Journal]

The security personnel hired by the New York Times identified that the attacks were originating from China, and that they were similiar to those that have been linked to the nation’s military. The attacks were pushed through breached universities throughout the U.S. in an effort to hide where they were originating from. The breach on the Times’ computer system was achieved via malware.

Once access to the computers was achieved, the hackers then gathered passwords for all Times’ employees, and via those managed to gain access to 53 personal computers. At the end of it all, the hackers then gained access to the email accounts of David Barboza, the New York Times’ bureau chief in Shanghai, as well as Jim Yardley, its previous bureau chief in Beijing. The hackers were not successful in accessing any data that was of a sensitive nature about the Wen family investigation, however.

The investigation in question concerns information showing that the Prime Minister’s family has a several billion dollar fortune that it has amassed via “business dealings.” Customers don’t need to worry, with the Times reporting that security experts say only information related to the Wen family investigation was sought. When questioned, the Chinese Ministry of National Defense called the accusations unprofessional, and said that such activity is against Chinese law, completely avoiding a straight “no” response.

[via New York Times]

The message said that “a line was crossed” with the death of Swartz and lambasted the current state of the justice system in the United States, claiming “law is wielded less and less to uphold justice, and more and more to exercise control, authority and power in the interests of oppression or personal gain.” In the time since Anonymous took over the website, the U.S. government has taken it offline. There’s no word on when the website will return, but you can bet that the government will be looking for the hackers who carried out this attack.

Those who did hack into the U.S. Sentencing Commission’s website need to tread carefully, because lately we’ve been seeing quite a few hackers get arrested for their actions. Just yesterday, a group of Anonymous hackers were arrested for their involvement in the attacks on PayPal, MasterCard, and Visa. Still, Anonymous members have never seemed too concerned about the repercussions of their actions in the past – they just want to get their message across.

Anonymous is upset over the treatment of Aaron Swartz, who allegedly downloaded millions of papers from JSTOR. Swartz was facing a fine of as much as $1 million and could have been hit with 35 years of jail time. These penalties were seen by many as extreme, and after his passing, we’re seeing blowback from a lot of Internet activists. Stay tuned for more information.

[via CBSNews]

The petition can be found over at the White House’s We the People page, where it currently has 775 signatures. Per the website’s FAQ, the petition has to reach 25,000 signatures within 30 days in order to be reviewed by the White House. To meet this requirement, it currently needs a little over 24,000 signatures by February 6.

Says the petition: “With the advance in internet techonology [sic], comes new grounds for protesting. Distributed denial-of-service (DDoS), is not any form of hacking in any way. It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any “occupy” protest. Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time.”

The petition then goes on to state that those who have been jailed for performing DDoS attacks should be released, and that any criminal record resulting from such legal situations should be cleared. Anonymous has performed its fair share of denial of service attacks over the years, often as a form of protest. Recently, McAfee Lab published a report in which it states that we’ll see a decline in Anonymous attacks in 2013.

[via White House]

Recently, several banks across the nation have been hit with attacks that harmed them to various degrees for ten or so minutes before they recovered. This is due to extremely high amounts of that are being directed to the banks in the DDoS attacks, affecting the likes of Wells Fargo, HSBC, Bank of America, and Citigroup, among others.

According to a former state official, the United States government is 100-percent certain that Iran is the cause of the attacks. Likewise, security firm Radware’s Vice President Carl Herberger is quoted as saying, “The scale, the scope and the effectiveness of these attacks have been unprecedented. There have never been this many financial institutions under this much duress.”

Fortunately, none of the bank accounts have been violated, and no money has been taken. The attacks are being directed from data centers, which are said to have taken control of some small-time cloud services and used them as the powerhouse behind initiating the attacks. Two issues are making it difficult to resolve the problem, however: 1, the DDoS attacks are encrypted, and 2, how the data centers are being hijacked is unknown.

[via New York Times]

Cosmo and his Underground Nazi (UG Nazi) hacking group went after Shirley Phelps a few days ago, successfully taking over her Twitter account. Cosmo switched out her profile image with one proclaiming his victory and pointing to the UG Nazi website, which has been seized by the FBI and bears FBI emblems. He is also reported to have hacked her DVR and filled it with gay porn, followed by cancelling her Internet service.

Now the hacker went after Fred Phelps, Jr., who’s Twitter account he successfully took over. The account has now been suspended by Twitter, just as Shirley’s was, and will presumably be back up and under Fred’s control tomorrow. All this started when WBC proclaimed that it would picket in Newtown in regards to the school shooting that took place.

Cosmo and UG Nazi isn’t the only hacker(s) targeting Westboro, however, with Anonymous also going after them. We reported yesterday that Twitter had temporarily suspended one of Anonymous’s Twitter accounts because it had allegedly posted personal information about Shirley Phelps. Twitter is alight with tweets supporting Anonymous and Cosmo in its/his actions.

[via Wired]