In a twist of fate that copyright owners are sure to snicker at, The Pirate Bay apparently has been hacked and the info bandits have made off with user information.
According to Brian Krebs, up until December an Internet security reporter with The Washington Post, an Argentinian hacker called Ch Russo penetrated The Pirate Bay, one of the world’s leading BitTorrent search engines, and snatched “user names, e-mail and Internet addresses of more than 4 million of the site’s users.”
Reporting on his blog, Krebsonsecurity.com, Krebs said that to prove the validity of his claims, Russo sent Krebs’ own username and password for The Pirate Bay. Krebs confirmed that the information was accurate.
Russo acknowledged that he and an associate who helped get into The Pirate Bay considered selling the data to the big music labels or Hollywood studios, but instead went public about the site’s vulnerabilities.
“We wanted to tell people that their information may not be so well-protected,” Russo said.
Russo said he accessed The Pirate Bay’s user database by exploiting some of the site’s vulnerabilities to SQL injections.
Archive
Tag: hackers
Here’s something that the struggling hotel sector prefers not to spotlight: it is a favorite target of hackers.
A study released this year by SpiderLabs, a part of the data-security consulting company Trustwave, found that 38 percent of the credit card hacking cases last year involved the hotel industry. The sector was well ahead of the financial services industry (19 percent), retailing (14.2 percent), and restaurants and bars (13 percent).
Why hotels? Well, to paraphrase the bank robber Willie Sutton, hackers hit hotels because that is where the richest vein of personal credit card data is. At hotels with inadequate data security, “the greatest amount of credit card information can be obtained using the most simplified methods,” said Anthony C. Roman, a private security investigator with extensive experience in the hotel industry.
“It doesn’t require brilliance on the part of the hacker,” Mr. Roman said. “Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.”
No need to get paranoid, but it is a valid question, since online security firm Trustwave Spiderlabs consider hotels hackers’ No. 1 target. It’s also a timely question since Wyndham Hotels just yesterday announced that hackers stole customer credit card information by breaching its networks. It’s Wyndham’s third breach in 12 months.
- TWITTER: Follow Hotel Check-In’s feed
- FAVE PERK: Free room upgrade, wi-fi or breakfast?
- CELL PHONE: Use it to open your hotel door
To understand the problem better, I recently talked with online security expert Nicholas Percoco, who works as a security auditor and data breach investigator for the security firm Trustwave SpiderLabs. The firm investigates breaches for companies and figures out how they happen.
“This is a new trend. Prior to late 2008, we did not really see any investigations around hotels – maybe a handful,” Percoco told me during our conversation. “But it was not something significant enough to call it a trend.”
In the firm’s recent study of 218 breach investigations across 24 countries last year, Trustwave found that hotels accounted for about 70 of them – making them hackers’ favorite hackers, even over the financial services companies.
His theory is that sometime in late 2008, a fairly sophisticated group hacked into a single hotel and they identified it as an easy system to extract information, Percoco told me.
Intel has revealed in a Securities and Exchange Commission filing that it too was the target of a sophisticated hacking attack in January, around the same time Google complained to China about such cyberassaults.
Intel made a concisely worded disclosure in filing its Form 10-k annual report; publicly-traded companies are requred to disclose any material events that could be reasonably expected to affect stock prices and investors’ decisions.
Data thieves running the so-called “Operation Aurora” attack campaign hacked into Google and some 30 other large corporations last December and January.
So was Intel trying to signal that it, too, was one of Operation Aurora’s targets? The chip maker has declined to supply details.
Security experts point out that there is a mountain of circumstantial evidence suggesting there may not be any connection at all between the attacks on Intel vs. Google. “It is absolutely possible Intel could have been breached by someone else, given the sheer volume and variety of attacks seen every day,” says Eric Olson, vice president of solutions assurance at security firm Cyveillance.
The attack was just one of what the world’s largest chipmakers said were regular attempts on its computer systems, Intel said in a filing under a heading about potential theft or misuse of the company’s intellectual property.
“The only connection is timing,” Intel spokesman Chuck Mulloy said, declining to elaborate. The company first publicized the attack and pointed out the similarity in timing to the move on Google in an annual filing with the U.S. Securities and Exchange Commission.
Now that Google has publicly admitted to being successfully attacked without much damage to their reputation, analysts said other companies are rethinking their typically tight-lipped approach to security breaches.
Recent changes to disclosure laws and increased awareness of cyber-security may also have prompted Intel to come clean, analysts say.
But Intel did not say who was behind the attacks, from where in the world they originated, or what information, if any, had been taken.
It would seem to be prudent for the giants of industry to talk to each other or perhaps to a government agency when attacked in a sophisticated way.
Chinese military and education officials have dismissed reports linking them with a cyber attack on the Internet search engine Google. In an interview with China Daily, they said that a recent accusation printed in the New York Times was false.
In its report on Thursday, the New York Times linked two Chinese higher education institutions to cyber attacks on Google.
The world’s biggest search engine announced last month that it had been the target of a highly sophisticated attack in December. It said the hacking had come from a source within China.
The report claimed the two education facilities have close ties with the Chinese military and also Google’s competitor in China, Baidu.
Pan Zheng, an expert from the National Defense University, told China Daily that the attacks on Google had nothing to do with the Chinese government, nor the military. He went on to say that a hacking location inside China doesn’t necessarily mean the attacks were launched by the government or the military.
Major General Luo Yuan from the Academy of Military Science said that web hacking is against Chinese law. He stated that the Chinese military would not go against the rules. He claimed that it was irresponsible to blame the military when there was such a lack of evidence.
One of the accused schools is the Shandong-based Lanxiang Vocational School. School officials say they have been getting phone calls all day asking about the cyber attack. They say that the school provides lessons in I.T. and computing, and has no ties with the Chinese military.
A professor from Shanghai-based Jiaotong University, the other named Chinese institution, said he is not surprised by allegations that students hacked into websites. However he said that such acts were not malicious in motive, and that the students may simply have been testing out their Internet abilities. The professor added that the IP address of the university was often hijacked.
These articles take as evidence that hackers’ IP addresses could be traced back to two schools in China. However, it is common sense that hackers can attack by hijacking computers from anywhere in the world. This fact also explains why hackers are hard to be tracked down.
Computers in China are easy to be hijacked by hackers as internet security technology and services are still underdeveloped in China. The majority of Chinese internet users also lack security awareness and adequate protection measures.
The hackers’ IP addresses could by no means vindicate the newspapers’ allegations that the attacks were carried out by Chinese citizens or from within China.
Certain newspapers went even further by indicating that the Chinese government and the military might have supported those cyber attacks.
The university has alliances with elite American ones like Duke and the University of Michigan. And it is so rich in science and engineering talent that Microsoft and Intel have moved into a research park directly adjacent to the school.
But Jiaotong, whose sprawling campus here has more than 33,000 students, is facing an unpleasant question: is it a base for sophisticated computer hackers?
Investigators looking into Web attacks on Google and dozens of other American companies last year have traced the intrusions to computers at Jiaotong as well as an obscure vocational school in eastern China, according to people briefed on the case.
Security experts caution that it is hard to trace online attacks and that the digital footprints may be a “false flag,” a kind of decoy intended to throw investigators off track.
But those with knowledge of the investigation say there are reliable clues that suggest the highly sophisticated attacks may have originated at Jiaotong and the more obscure campus, Lanxiang Vocational School in Shandong Province, an institution with ties to the Chinese military.
Last weekend, the two schools strongly denied any knowledge of the attacks, which singled out corporate files and the e-mail accounts of human rights activists.
A spokesman for Jiaotong told local news outlets that school officials were “shocked and indignant” to learn of the allegations. And a Lanxiang spokesman called the reports preposterous.
The approved flash drives will be included in kits that the military will soon begin to distribute, with the first priority being troops in Afghanistan and Iraq who need the devices to carry or transfer critical data.
Vice Adm. Carl V. Mauney, deputy commander of U.S. Strategic Command, told reporters Friday that initially only dozens will be sent to the war zone, but eventually more kits will be created and distributed. He said he does not know how much the kits will cost, or how many will be handed out over time.
Plagued by millions of computer probes and attacks every day, the Pentagon has been struggling to balance its need for strict computer security with the urgent battlefield demands of its commanders. Defense Department and other U.S. government officials repeatedly warn of the growing threat of coordinated cyber attacks that pose potential national security risks.