Editor’s Note – Hackers are real busy and seem to have plenty of time on their hands. There must be some form of backing, because these folks are pretty prolific in their endeavors. This time, the seem to be having fun as well. Seems that StratFor got hit, again, this time for laughs. The security firm was hit, but so was another security icon, the nation of Israel. When you knock out El Al Airlines, and their stock market, you have hit their very core.
Also hit recently was the internet company, Zappos. The retailer alerted its customers in an email indicating that their data had been infiltrated affecting 24 million customers.
___________________
Hackers hit Stratfor again, but this time just for laughs
Subscribers asked to rate the company’s handling of attack, but it’s really AntiSec again
The hackers behind the year-end attack on the security consulting firm Stratfor have struck again, although this time it appears they are just out for a few laughs.
Anonymous, (working with its Lulz Security partners under the “AntiSec” banner), sent phony emails to members of Stratfor’s mailing list asking them to rate the company’s “handling of the recent intrusion by those deranged, sexually deviant criminal hacker terrorist masterminds,” SC Magazine reported. The emails appear to come from Stratfor’s chief executive officer, George Friedman, and are titled “Rate Stratfor’s Incident Response.”
According to a University of Amsterdam network researcher who posted the message he received, the emails include a link to a list of stolen Stratfor data and email exchanges between Stratfor IT administrators and programmers after they detected suspicious network activity. Another link, in true “lulz” fashion, pranks users by taking them to the YouTube video for Rick Astley’s 1980’s hit (and Internet meme) ” Never Gonna Give You Up.”
On Dec. 24, Anonymous stole nearly 900,000 email addresses and more than 68,000 credit card numbers from Stratfor, an Austin, Texas-based firm that counts powerful companies including Chevron, Sony, Lockheed Martin, Goldman Sachs, the United Nations, Google, AIG, HSBC, Bank of America and the U.S. military as its clients.
___________________
Hackers disrupt Israel airline, stock market sites
By AMY TEIBEL
JERUSALEM (AP) — A hacker network that claims to be based in Saudi Arabia paralyzed the websites of Israel’s stock exchange and national airline on Monday, escalating an international cyber war that has jolted this security-obsessed country.
Neither website contains sensitive information and trading and flights were not affected. But the ongoing salvos by hackers who use anti-Israel language in their posts has revealed how vulnerable Israel is to cyber warfare, despite its sophisticated computer security units in the military and advanced high-tech sector.
The attacks began earlier this month when hackers identifying themselves as group-xp, a known Saudi hacking group, claimed on an Israeli sports website to have gained access to 400,000 Israeli credit card accounts. The group called it a “gift to the world for the New Year” designed to “hurt the Zionist pocket.”
Israeli authorities said 15,000 accounts were hacked in that episode and credit card information about 6,000 other Israelis was disclosed online a few days later by the same network.
Last week, an Israeli hacker identifying himself as a soldier in an Israeli intelligence unit retaliated by posting information online about hundreds of Saudis, Egyptians, Syrians and others.
On Monday, El Al Israel Airlines took down its website after hacker OxOmar, who has been linked to the Saudi group, warned that both sites would be targeted by allied pro-Palestinian hackers, a person close to the company said. The source was not authorized to speak to the media and requested anonymity.
The company said in a statement that it was taking security measures to protect the website and that disruptions on the site were to be expected.
Orna Goren, a spokeswoman for the Tel Aviv Stock Exchange, said the site was overwhelmed by electronic requests that slowed it down dramatically but it was still operating. Trading was not affected, she said.
Cyber experts say Israel is a common target for online attackers who oppose the Jewish state and its policies toward the Palestinians, but there have been no confirmed reports of sensitive Israeli government sites being hacked.
“Right now, we’re not seeing anything that’s especially interesting or especially dangerous,” said Gadi Evron, former head of Internet security for the Israeli government.
News of the hacking led to a linguistic counterattack at Israel’s state radio. Continuing its decades-long battle against the use of English words in its Hebrew broadcasts, the radio’s linguist insisted that reporters use a Hebrew word, “patzchan,” meaning a person who cracks something open, instead of “hacker.”
___________________
Zappos accounts hacked, data stolen
By Gar Swaffar
Data theft is becoming more common, and Zappos is the latest to report the breaching of accounts, twenty four million accounts.
Zappos, the online retailer, posted a message on its website Sunday evening to their employees, detailing the magnitude of the data breach and the steps being taken to mitigate the problem.
A copy of the email being sent to the customers whose accounts were hacked is included in the message (in the link above) Important to note is that while the passwords, name, email, shipping and billing addresses, phone numbers and only the last four digits of any credit card numbers held in the Zappos servers.
Zappos is also trying to reassure customers that the full credit card numbers have not been compromised in the data breach. The full credit card numbers were not accessed according to the statement by Tony Hsieh, the CEO of Zappos. The full credit card numbers were apparently stored elsewhere in the Zappos system.
The MSNBC report notes that the cyber-attack occurred at a server in Kentucky, USA.
While the passwords were stolen, they were in a cryptographic form which may be difficult for the hackers to use. Nonetheless, Zappos has expired and reset all passwords for all of their customers and that will force every customer to change their password before using the site again. All communication with Zappos in regard to questions from customers for a time will need to be handled by email, Zappos acknowledged they didn’t have the capacity to accept the calls from even five percent of their customers, which would have been more than a million calls.
Zappos is urging all of their customers to change their password at other websites if the same password was used on secondary sites.
With twenty four million customers affected, this isn’t the largest data breach to have occurred, but it is an extremely large data loss.
One of the largest and most recent cyber-attacks resulting in the loss of customer data was the Sony PlayStation attack last year, in that attack it is reported that 77 million accounts were breached.
Read more: http://www.digitaljournal.com/article/317957#ixzz1jf1XVtvv
