beforeyoukillyourcomputer.com

Are you more vulnerable to credit card theft if you stay in a hotel?

No need to get paranoid, but it is a valid question, since online security firm Trustwave Spiderlabs consider hotels hackers’ No. 1 target. It’s also a timely question since Wyndham Hotels just yesterday announced that hackers stole customer credit card information by breaching its networks. It’s Wyndham’s third breach in 12 months.

• TWITTER: Follow Hotel Check-In’s feed
• FAVE PERK: Free room upgrade, wi-fi or breakfast?
• CELL PHONE: Use it to open your hotel door

To understand the problem better, I recently talked with online security expert Nicholas Percoco, who works as a security auditor and data breach investigator for the security firm Trustwave SpiderLabs. The firm investigates breaches for companies and figures out how they happen.

“This is a new trend. Prior to late 2008, we did not really see any investigations around hotels – maybe a handful,” Percoco told me during our conversation. “But it was not something significant enough to call it a trend.”

In the firm’s recent study of 218 breach investigations across 24 countries last year, Trustwave found that hotels accounted for about 70 of them – making them hackers’ favorite hackers, even over the financial services companies.

His theory is that sometime in late 2008, a fairly sophisticated group hacked into a single hotel and they identified it as an easy system to extract information, Percoco told me.

Full Story ~ USA Today

Intel has revealed in a Securities and Exchange Commission filing that it too was the target of a sophisticated hacking attack in January, around the same time Google complained to China about such cyberassaults.

Intel made a concisely worded disclosure in filing its Form 10-k annual report; publicly-traded companies are requred to disclose any material events that could be reasonably expected to affect stock prices and investors’ decisions.

Data thieves running the so-called “Operation Aurora” attack campaign hacked into Google and some 30 other large corporations last December and January.

So was Intel trying to signal that it, too, was one of Operation Aurora’s targets? The chip maker has declined to supply details.

Security experts point out that there is a mountain of circumstantial evidence suggesting there may not be any connection at all between the attacks on Intel vs. Google. “It is absolutely possible Intel could have been breached by someone else, given the sheer volume and variety of attacks seen every day,” says Eric Olson, vice president of solutions assurance at security firm Cyveillance.

Full Story ~ USA Today

Google would not comment on whether Intel was one of the roughly 20 unnamed companies that the world’s No. 1 Internet search engine said had been similarly targeted in attacks that originated in China.

The attack was just one of what the world’s largest chipmakers said were regular attempts on its computer systems, Intel said in a filing under a heading about potential theft or misuse of the company’s intellectual property.

“The only connection is timing,” Intel spokesman Chuck Mulloy said, declining to elaborate. The company first publicized the attack and pointed out the similarity in timing to the move on Google in an annual filing with the U.S. Securities and Exchange Commission.

Now that Google has publicly admitted to being successfully attacked without much damage to their reputation, analysts said other companies are rethinking their typically tight-lipped approach to security breaches.

Recent changes to disclosure laws and increased awareness of cyber-security may also have prompted Intel to come clean, analysts say.

But Intel did not say who was behind the attacks, from where in the world they originated, or what information, if any, had been taken.

Full Story ~ Reuters

It would seem to be prudent for the giants of industry to talk to each other or perhaps to a government agency when attacked in a sophisticated way.

Chinese military and education officials have dismissed reports linking them with a cyber attack on the Internet search engine Google. In an interview with China Daily, they said that a recent accusation printed in the New York Times was false.

In its report on Thursday, the New York Times linked two Chinese higher education institutions to cyber attacks on Google.

The world’s biggest search engine announced last month that it had been the target of a highly sophisticated attack in December. It said the hacking had come from a source within China.

The report claimed the two education facilities have close ties with the Chinese military and also Google’s competitor in China, Baidu.

Pan Zheng, an expert from the National Defense University, told China Daily that the attacks on Google had nothing to do with the Chinese government, nor the military. He went on to say that a hacking location inside China doesn’t necessarily mean the attacks were launched by the government or the military.

Major General Luo Yuan from the Academy of Military Science said that web hacking is against Chinese law. He stated that the Chinese military would not go against the rules. He claimed that it was irresponsible to blame the military when there was such a lack of evidence.

One of the accused schools is the Shandong-based Lanxiang Vocational School. School officials say they have been getting phone calls all day asking about the cyber attack. They say that the school provides lessons in I.T. and computing, and has no ties with the Chinese military.

A professor from Shanghai-based Jiaotong University, the other named Chinese institution, said he is not surprised by allegations that students hacked into websites. However he said that such acts were not malicious in motive, and that the students may simply have been testing out their Internet abilities. The professor added that the IP address of the university was often hijacked.

Source ~ CCTV.com

BEIJING, Feb. 23 (Xinhua) — The New York Times, the Wall Street Journal, Financial Times and some other newspapers have published articles indicating that cyber attacks targeting Google and several other U.S. companies were from China. Such allegations are arbitrary and biased.

These articles take as evidence that hackers’ IP addresses could be traced back to two schools in China. However, it is common sense that hackers can attack by hijacking computers from anywhere in the world. This fact also explains why hackers are hard to be tracked down.

Computers in China are easy to be hijacked by hackers as internet security technology and services are still underdeveloped in China. The majority of Chinese internet users also lack security awareness and adequate protection measures.

The hackers’ IP addresses could by no means vindicate the newspapers’ allegations that the attacks were carried out by Chinese citizens or from within China.

Certain newspapers went even further by indicating that the Chinese government and the military might have supported those cyber attacks.

Full Story ~ xinhuanet

With its sterling reputation and its scientific bent, Shanghai Jiaotong University has the feel of an Ivy League institution.

The university has alliances with elite American ones like Duke and the University of Michigan. And it is so rich in science and engineering talent that Microsoft and Intel have moved into a research park directly adjacent to the school.

But Jiaotong, whose sprawling campus here has more than 33,000 students, is facing an unpleasant question: is it a base for sophisticated computer hackers?

Investigators looking into Web attacks on Google and dozens of other American companies last year have traced the intrusions to computers at Jiaotong as well as an obscure vocational school in eastern China, according to people briefed on the case.

Security experts caution that it is hard to trace online attacks and that the digital footprints may be a “false flag,” a kind of decoy intended to throw investigators off track.

But those with knowledge of the investigation say there are reliable clues that suggest the highly sophisticated attacks may have originated at Jiaotong and the more obscure campus, Lanxiang Vocational School in Shandong Province, an institution with ties to the Chinese military.

Last weekend, the two schools strongly denied any knowledge of the attacks, which singled out corporate files and the e-mail accounts of human rights activists.

A spokesman for Jiaotong told local news outlets that school officials were “shocked and indignant” to learn of the allegations. And a Lanxiang spokesman called the reports preposterous.

Full Story ~ The New York Times

Nearly 15 months after the Defense Department banned the use of external computer flash drives, officials have agreed to allow limited use of the convenient high-tech storage devices.

The approved flash drives will be included in kits that the military will soon begin to distribute, with the first priority being troops in Afghanistan and Iraq who need the devices to carry or transfer critical data.

Vice Adm. Carl V. Mauney, deputy commander of U.S. Strategic Command, told reporters Friday that initially only dozens will be sent to the war zone, but eventually more kits will be created and distributed. He said he does not know how much the kits will cost, or how many will be handed out over time.

Plagued by millions of computer probes and attacks every day, the Pentagon has been struggling to balance its need for strict computer security with the urgent battlefield demands of its commanders. Defense Department and other U.S. government officials repeatedly warn of the growing threat of coordinated cyber attacks that pose potential national security risks.

Full Story ~ The Washington Post

The New York Times is reporting that the recent online attacks on Google and on other American corporations have been traced to two computers at schools in China.

The two schools in question are Shanghai Jiaotong University and the Lanxiang Vocational School, according to anonymous sources of the newspaper.

Jiaotong touts one of China’s top computer science programs. Lanxiang is a vocational school that was founded by the military and trains computer scientists for the military.

Google first announced on Jan. 12 that it and other companies were the targets of computer hijacking which were believed to be from China. The attacks, which were intended to steal trade secrets and computer codes and also the e-mail of Chinese human rights activists, may have begun in April — months earlier than originally thought.

Only until recently, the investigation had led the National Security Agency to Taiwan.

Spokesmen for the Chinese schools said that they were unaware that American officials traced the hacking to the schools.

According to an interview with a professor of Jiaotong’s School of Information Security Engineering in the Times article, it is common for students to hack into foreign Web sites.

Full Story ~ Fox News

“The ZeuS Compromise” may sound like a great movie, but it’s actually a newly uncovered, massive hacking network — and it’s a doozy, affecting more than 74,000 PCs in 2,400 business and government systems around the world.

And it’s still up and running.

But worse, the security analysts who detected the underground network believe the criminals behind it aren’t even after money. Instead they have built a secret underground network to rent out to gangs, cybercrooks — and even rogue governments.

Detected by network-forensics firm NetWitness, the newly-discovered infestation — dubbed the “Kneber botnet” after the username linking the infected computers — gathers login credentials to online financial systems, social networking sites and e-mail systems from infested computers and reports the information to miscreants who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities.

Information compiled by NetWitness showed that hackers gained access to a wide array of data at 2,411 companies, from credit-card transactions to intellectual property.

Full Story ~ Fox News