Data loss

Corrupt call center workers selling your private information for pennies

Posted on


 

Thief with secrets image courtesy of ShutterstockAccording to the Daily Mail an undercover investigation in India has uncovered that some call center workers have been selling confidential information on nearly 500,000 Britons.

Undercover reporters from The Sunday Times met with two individuals who claimed to be IT workers who offered to provide them with 45 different types of data gathered from the victims.

Information offered up included names, addresses, phone numbers and credit card details (including CCV/CVV codes and expiration dates).

The reporters allege they could purchase the records for as little as 2 pence apiece ($0.03 USD). One of the IT workersthieves bragged:

"These [pieces of data] are ones that have been sold to somebody already. This is Barclays, this is Halifax, this is Lloyds TSB. We’ve been dealing so long we can tell the bank by just the card number."more

UK student loans targeted by phishers in latest spam campaign

Posted on


With British students about to start another year at university, the last thing they probably want to hear is that there is a problem with a student loan.

But that’s precisely the camouflage that online scammers are using to steal personal information today.

An email, claiming to come from Directgov UK, tells students that there is a problem with the online account for their student loan, and they need to update their account urgently.

Here’s a typical spammed-out message we’ve seen in our traps:

Student loan phishing attack

Subject:

Student Loan Update.

Message body:

Dear Student Finance Customer.

We at HM Government noticed your Student loan online log in details is incorrect and need to be updated.

DOWNLOAD THE ATTACHMENT TO UPDATE YOUR ACCOUNT NOW

Regards
Inline Verification. Directgov UK.

Attached file:

Student Loan Update.html

Clicking on the HTML attachment is not a good idea, however, as it will urge you to enter your details which are then sent via a website to the phishers.

Student loan phishing attack

Sophos products block the message as spam, and block the webpage that the HTML form is attempting to post the personal information.

Remember to always be suspicious of unsolicited attachments. Also, I would hope that a good student would have noticed the grammatical mistake in the phisher’s email..

CNAIPIC hacked – Italian cybercrime unit files published by Anonymous

Posted on


Anonymous, the loosely-knit hacktivist collective, is claiming to have got its hands on 8GB of “secret documents” from CNAIPIC, Italy’s cybercrime unit responsible for protecting the country’s critical IT infrastructure.

If it’s true that security at CNAIPIC has been breached by hackers, that would be a genuine concern as the group works with intelligence agencies around the world.

CNAIPIC - Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche

An Anonymous Twitter account announced the data breach, and links were posted up on Pastebin pointing to a selection of the stolen files, which included information related to various government departments around the world, including the US Department of Agriculture and Australia’s Ministry of Defence.

Documents about a number of private firms also appear to be included in the haul, which was claimed by The Legion of Anonymous Doom who are presumed to be a subgroup of Anonymous.

Hacker statement

A message posted on the internet in poorly-written English claimed that there would be more information and files released in due course:

"This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing's gonna get published and twittered all over anonymous and lulzsec community."

A screenshot of a list of all the files that had been compromised was posted on the internet, and included in a news report by The Hacker News. A small portion of it is reproduced below.

Small selection of some of the allegedly stolen CNAIPIC files

So, why is Anonymous apparently targeting the Italian cybercrime authorities?

Well, earlier this month, Italian police searched dozens of houses and charged suspects, in an investigation into the Italian branch of Anonymous – which is suspected of hitting government, business and media websites with denial-of-service attacks.

Inevitably there will be speculation that this is a counter-attack against the Italian authorities following the arrests.

Lady Gaga website stays strangely silent over database hack

Posted on


Lady Gaga hacked

A gang of hackers known as SwagSec announced at the tail end of last week that they had hacked into Lady Gaga’s UK website and made off with a database of names and email addresses of fans. To prove their point, they published the stolen data online.

The press reported that a source close to Lady Gaga said that she was:

"upset and hopes police get to the bottom of how this was allowed to happen"

If she was upset, she made no mention of the hack on her Twitter page, and posted no apology to her UK fans for the poor website security. She wasn’t, however, too upset to tweet about Emmy award nominations or to drop a line to Cher about doing a duet remix.

Although it’s right that the authorities should be informed regarding SwagSec’s illegal activities, there should surely be some recognition at Gaga HQ that perhaps the website was doing a lousy job at securing its fans’ information?

Lady Gaga user database

Lady Gaga’s record label, Universal, said it had confirmed that the hack had occurred and said that police had been informed:

"The hackers took a content database dump from http://www.ladygaga.co.uk and a section of email, first name and last name records were accessed. There were no passwords or financial information taken. We take this very seriously and have put in place additional measures to protect personally identifiable information. All those affected have been advised."

The risk to users who had their details compromised, of course, is that they could have been the subject of targeted attacks. Imagine how many of them might have opened an attachment or clicked on a link if they received an email claiming to be about free tickets for a Lady Gaga concert, or a sneak preview of her new video.

But although Universal says that it has contacted everyone who was affected – can they be confident that they know the extent of SwagSec’s hack? After all, the hack is claimed to have occurred weeks ago, but was only made public by SwagSec at the end of last week.

Wouldn’t it be more open and transparent to have a message to fans of the Lady Gaga UK website, telling them all what occurred. I went looking and couldn’t find anything to warn the wider array of Lady Gaga fans.

You may remember that the SwagSec hacking group defaced Amy Winehouse’s website earlier this month as well.

One wonders what eccentric female troubadour they will target next..

FBI searches LulzSec suspect’s home in Hamilton, Ohio

Posted on Updated on


The international investigation into the notorious LulzSec hacking gang continues, with news that FBI agents have searched a house in Hamilton, Ohio.

According to local media reports, federal agents are said to have searched a teenager’s home in Jackson Road, Hamilton, although no-one was charged after the search warrant was served.

Whether the FBI was acting upon information gleaned from Ryan Cleary, the British teenager who was charged last week in relation to a series of denial-of-service attacks, is unclear.

However, there is speculation that US law enforcement officers may have been acting in part based upon information released by the LulzSec group earlier this group, outing members believed to have leaked the group’s private online chat logs.

A June 21st posting by LulzSec on PasteBin claimed to reveal the true identities of members who called themselves “m_nerva” and “hann”. Apparent real names and addresses were given for both individuals by LulzSec who said:

"These goons begged us for mercy after they apologized to us all night for leaking some of our affiliates' logs. There is no mercy on The Lulz Boat."

In m_nerva’s case, his address was listed by LulzSec as being in Hamilton, Ohio.

Part of a statement from LulzSec

A tweet published at the same time as the information was posted indicated that there was little love between LulzSec members and the member they believed had snitched on them.

The Lulz Boat@LulzSec
The Lulz Boat

Remember this tweet, m_nerva, for I know you’ll read it: your cold jail cell will be haunted with our endless laughter. Game over, child.

Hackers, eh? You just can’t trust ‘em..

With rival hackers apparently turning on each other, and with law enforcement agencies around the world on their tail, it certainly feels as if those who sailed on the Lulz Boat may not be quite so merry as they once were.

 

 

FOR LATEST NEWS ON SCAM, SPAM ALERTS, HACKING, TECHNOLOGY NEWS. PLEASE

FOLLOW “COMPUTER ADDICTED” PAGE IN FACEBOOK:CLICK HERE

The President is finally taking charge? No, a Facebook phishing attack

Posted on


A warning to all the Facebook users out there – the scammers are after your login details again, this time by spreading a link which purports to be a video of Barack Obama.

The president is finally taking charge on Facebook

The president is finally taking charge!!
[LINK]
Is this really for real?.

The image used in the message looks like a YouTube video thumbnail, but if you click on the link you are redirected multiple times before finally landing on a phoney Facebook login page.

It may look like Facebook, but it’s not the real Facebook. It’s designed to phish your username and password from you.

Facebook usernames and passwords are an increasingly valuable commodity for cybercriminals – once they have those, they’ll be able to log into your account, post messages in your name, spread spam and malware and perhaps raid your profile for personal information that they might be able to use for identity theft.

Worst of all, perhaps, they can pose as you and cause tremendous problems for your friends and family.

So, if you think you might have fallen for a scam like this, change your Facebook password immediately and scan your computer with an up-to-date anti-virus product.

If you’re on Facebook and want to learn more about security threats on the social network and elsewhere on the internet, I’d recommend you join theSophos Facebook page.