We are only into the first month of 2011 and the hacks, cracks and breaches reported have been epic. Fortinet predicted 2011 would be a big year for cybercrooks to hire, but perhaps 2011 will be the year of the cracker, filled with all kinds of hacks and breaches?
Millions have been breached and when information that is supposed to be private becomes public, it can open the way to identity theft. Cut the chitchat and show you the hacks?
Dear Mail & Guardian reader
The Mail & Guardian's website is under sustained attack by hackers. We are dealing with the problem, but to make absolutely sure that your security isn't compromised, we have decided to suspend the service temporarily. It's a drastic measure, but we really don't want to take any chances with security. We apologise for this interruption of service. We'll be back as soon as we have made certain that the problem has been effectively dealt with. We'll continue to update you as soon as we have news.
Yet when I asked:
- Can you tell me how USA customer verification process is different than India's?
Not a pizza fan, but into makeup? The handmade cosmetic group Lush admitted the UK version of its website was hacked in the weeks leading up to Christmas, although it only recently gave customers the heads-up warning that thousands of them were at risk of having their credit card information stolen. The UK Lush website posted a note to the hacker: "TO THE HACKER If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job -- were it not for the fact that your morals are clearly not compatible with ours or our customers'."
Included in the information for its customers, Lush posted: "For complete ease of mind, we would like all customers that placed ONLINE orders with us between 4th Oct 2010 and today, 20th Jan 2011, to contact their banks for advice as their card details may have been compromised." On the Lush Facebook page, angry customers were reporting fraudulent transactions showing up on their banking activity and asking Lush why there was such a "ridiculous delay" before alerting them to breach.
A bold hacker is setting up shop after bashing lax security. As Richi Jennings pointed out, a brazen hacker is making a fool of .mil and .gov security by selling access to conquered websites. Prices ranges from $33 to $499 depending upon the site's importance.
According to ThreatPost, PandaLabs says prices are dropping on the cybercrime black market where cybercrooks can buy "everything from stolen banking credentials to phony ATM machines, to fake credit cards - some of which can be had for as little as $2 a piece."
It's debatable whether or not this high profile hack was an entry for Facebook's Hacker Cup competition. TechCrunch reported, "Let the hacking begin" as appeared on Facebook CEO Mark Zuckerberg's fan page. "Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business' the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011." The hacked fan page was taken down pretty fast.
In the never-ending battle of famous people getting hacked, the popstar P!nk had her Twitter account hacked. EarSucker reported, "Pink was the target of a nefarious Twitter hacker -- her husband, Carey Hart!"
After the Egyptian authorities blocked access to Twitter, Anonymous hackers released a press release today asking citizens to get busy with "Operation Egypt" and launch a DDoS attack on Egyptian government.
Another day, another hack: 4chan members posted the administrative username ("admin") and password ("poopnugget") of a New Jersey school district on a message board, allowing access to the online student information system of the Plainfield Board of Education. Robert McMillan reported, "It's not clear how much damage was caused, but 4chan members soon started posting screenshots showing how they were able to mess with the school's system. One screenshot shows school lunch prices reset to $9,000 per meal. Another post claims that "every class is now an elective, and requires only 1 credit to graduate."
A previous target of Anonymous, antipiracy lawyer Andrew Crossley from ACS:Law has stopped issuing demands for damages and abandoned all P2P cases against alleged copyright infringers, noted the Telegraph.
In the lawfirm-thinks-it's-funny category, Torrent Freak reported, "Funimation announced a lawsuit against 1337 alleged BitTorrent downloaders."
The Department of Justice is seeking mandatory two-year data retention for U.S. ISPs [PDF]. As reported on ComputerWorld, the DOJ said "data retention was crucial to fighting Internet crimes, especially online child pornography." The emphasis is mine, since retaining data for that long could also create a handy little dragnet for law enforcement.
That's only skimming the surface of what has happened when we are not even one complete month into 2011.
This story, "2011: The Year of Epic Hacking" was originally published by Computerworld.