Archive for the ‘Security Breaches’ Category

Health Net slow to tell members of security breach

March 16, 2011

Health Net slow to tell members of security breach: “”

(Via .)

University in ‘serious’ data breach; Publishes 17,000 students’ data | ZDNet

March 16, 2011

University in ‘serious’ data breach; Publishes 17,000 students’ data | ZDNet: “”

(Via .)

Report: Google Hackers Stole Source Code of Global Password System

April 20, 2010

Report: Google Hackers Stole Source Code of Global Password System: “

The hackers who breached Google’s network last year were able to nab the source code for the company’s global password system, according to the New York Times.

The Single Sign-On password system, which Google referred to internally as Gaia, allows users to log into a constellation of services the company offers — GMail, search, business applications and others — using one password.

The hackers, who are still unknown, were able to steal the code after gaining access to the company’s software repository, which stores the crown jewels for its search engine and other programs.

Because the hackers grabbed the software, and do not appear to have grabbed customer passwords, users aren’t directly affected by the theft. But the hackers could study the software for security vulnerabilities to devise ways to breach the system that could later affect users.

Google announced in January that it and numerous other companies had been hacked in a sophisticated attack. The hackers had targeted source code repositories at many of the companies, including Google.

According to the Times, the theft began when an instant message was sent to a Google employee in China who was using Windows Messenger. The message included a link to a malicious website. Once the employee clicked on the link, the intruders were able to gain access to the employee’s computer and from there to computers used by software developers at Google’s headquarters in California.

The intruders seemed to know the names of the Gaia software developers, according to the Times. The intruders had access to an internal Google corporate directory known as Moma, which lists the work activities of every Google employee.

They initially tried to access the programmer’s work computers and ‘then used a set of sophisticated techniques to gain access to the repositories where the source code for the program was stored.’

The Times doesn’t elaborate on the set of sophisticated techniques the hackers used to access the source code, but in March, security firm McAfee released a white paper in relation to the Google hack that describes serious security vulnerabilities it found in software configuration management systems (SCMs) used by companies that were targeted in the hacks.

‘[The SCMs] were wide open,’ Dmitri Alperovitch, McAfee’s vice president for threat research told Threat Level at the time. ‘No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways — much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting.’

Many of the companies that were attacked used the same source-code management system made by Perforce, a California-based company, according to McAfee. The paper didn’t indicate, however, whether Google used Perforce or had another system in place with vulnerabilities.

According to McAfee’s earlier report, the malicious website the hackers used in the Google hack was hosted in Taiwan. Once the victim clicked on a link to the site, the site downloaded and executed a malicious JavaScript, with a zero-day exploit that attacked a vulnerability in the user’s Internet Explorer browser.

A binary disguised as a JPEG file then downloaded to the user’s system and opened a backdoor onto the computer and set up a connection to the attackers’ command-and-control servers, also hosted in Taiwan.

From that initial access point, the attackers obtained access to the source-code management system or burrowed deeper into the corporate network to gain a persistent hold.

According to the paper, the hackers were successful at accessing source code because many SCMs are not secured out of the box and do not maintain sufficient logs to help forensic investigators examining an attack.

‘Additionally, due to the open nature of most SCM systems today, much of the source code it is built to protect can be copied and managed on the endpoint developer system,’ the white paper states. ‘It is quite common to have developers copy source code files to their local systems, edit them locally, and then check them back into the source code tree…. As a result, attackers often don’t even need to target and hack the backend SCM systems; they can simply target the individual developer systems to harvest large amounts of source code rather quickly.’

Alperovitch told Threat Level his company had seen no evidence to indicate that source code at any of the hacked companies had been altered.

(Via Wired: Threat Level.)
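The McAfee findings quoted above (SCMs that ship unsecured, too little logging for forensics, and developers pulling large parts of the tree to their own machines) are exactly what a server-side audit log makes visible. The block below is an added example for this archive, not code from the Wired article, from McAfee’s white paper or from any of the companies named. It assumes a Perforce-style audit log line (“date time user@client ip command file#rev”) and uses constructed log lines, user names, hosts, a made-up engineering subnet and arbitrary thresholds; it flags any account that fetches an unusual number of distinct files inside a short window, and any command issued from outside the allowed subnet.

```python
"""Flag bulk source-code harvesting in SCM audit-log lines.

Added example, not code from the Wired article or the McAfee white paper it
quotes.  The line format is modelled on the Perforce server audit log
("YYYY/MM/DD HH:MM:SS user@client ip command file#rev"); the log lines,
user names, hosts, subnets and thresholds are constructed for illustration.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one developer doing ordinary work, and a second
# account pulling many distinct files within seconds from an address
# outside the (assumed) engineering subnet.
SAMPLE_AUDIT_LOG = """\
2010/01/12 09:14:02 alice@alice-ws 10.1.20.15 sync //depot/gaia/src/auth.c#12
2010/01/12 09:14:02 alice@alice-ws 10.1.20.15 sync //depot/gaia/src/auth.h#4
2010/01/12 09:41:57 alice@alice-ws 10.1.20.15 diff //depot/gaia/src/auth.c#12
2010/01/12 23:02:10 bob@build01 172.16.9.9 print //depot/gaia/src/auth.c#12
2010/01/12 23:02:10 bob@build01 172.16.9.9 print //depot/gaia/src/auth.h#4
2010/01/12 23:02:11 bob@build01 172.16.9.9 print //depot/gaia/src/session.c#31
2010/01/12 23:02:11 bob@build01 172.16.9.9 print //depot/gaia/src/session.h#7
2010/01/12 23:02:12 bob@build01 172.16.9.9 print //depot/gaia/src/token.c#19
2010/01/12 23:02:12 bob@build01 172.16.9.9 print //depot/gaia/src/token.h#3
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<user>[^@\s]+)@(?P<client>\S+) (?P<ip>\S+) (?P<cmd>\S+) (?P<file>\S+)$"
)

# Assumed policy values for the example.
ENGINEERING_NETS = [ipaddress.ip_network("10.1.20.0/24")]
BULK_WINDOW = timedelta(minutes=10)   # count distinct files fetched inside this window
BULK_THRESHOLD = 5                    # more than this many distinct files -> flag
# Commands that hand file content back to the client (sync/print) or reveal it (diff).
CONTENT_CMDS = {"sync", "print", "diff", "diff2"}


def parse_line(line):
    """Parse one audit-log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S")
    path, _, rev = m["file"].partition("#")
    return {
        "ts": ts, "user": m["user"], "client": m["client"],
        "ip": ipaddress.ip_address(m["ip"]), "cmd": m["cmd"],
        "path": path, "rev": rev,
    }


def parse_log(text):
    """Parse every well-formed line of an audit log, skipping anything unparseable."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def find_bulk_reads(events, window=BULK_WINDOW, threshold=BULK_THRESHOLD):
    """Return {user: peak distinct files fetched within `window`} for users over `threshold`.

    A sliding window over each user's content-returning commands catches the
    'harvest large amounts of source code quickly' pattern, whether it comes
    from a compromised developer workstation or a direct hit on the server.
    """
    per_user = defaultdict(list)
    for e in events:
        if e["cmd"] in CONTENT_CMDS:
            per_user[e["user"]].append(e)
    flagged = {}
    for user, evs in per_user.items():
        evs.sort(key=lambda e: e["ts"])
        peak, start = 0, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            peak = max(peak, len({e["path"] for e in evs[start:end + 1]}))
        if peak > threshold:
            flagged[user] = peak
    return flagged


def find_offnet_access(events, allowed=ENGINEERING_NETS):
    """Return sorted (user, ip) pairs for commands issued from outside the allowed subnets."""
    return sorted(
        {(e["user"], str(e["ip"])) for e in events
         if not any(e["ip"] in net for net in allowed)}
    )


if __name__ == "__main__":
    evs = parse_log(SAMPLE_AUDIT_LOG)
    print("bulk reads:", find_bulk_reads(evs))        # {'bob': 6}
    print("off-net access:", find_offnet_access(evs))  # [('bob', '172.16.9.9')]
```

The two checks are deliberately independent: the volume check still fires when the harvest comes from a legitimately networked but compromised developer machine, which is the case McAfee describes, while the subnet check catches a server reached directly from somewhere it should not be. Neither helps if the server is not writing the log in the first place, which is the paper’s point.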

‘Fog of War’ Led To Operation Aurora Malware Mistake

April 1, 2010

‘Fog of War’ Led To Operation Aurora Malware Mistake: “‘Fog of War’ Led To Operation Aurora Malware Mistake”

(Via DarkReading – All Stories.)

PNC: Former National City Bank Accounts Hacked

March 23, 2010

PNC: Former National City Bank Accounts Hacked: “

Some presents just aren’t the kind you want. You buy a new product, get it home, only to find it’s busted. PNC Financial Services Group Inc. found that out the hard way recently after they purchased National City Bank. Turns out that prior to the acquisition there was a data breach affecting customers. Much like herpes, it was an unpleasant surprise.


Bank officials were made aware of the data breach earlier this week, but Solomon would not say how many customers’ accounts have been compromised or how much money was stolen.

PNC Financial, which is based in Pittsburgh, said some customer debit cards were compromised shortly before the company acquired Cleveland-based National City Corp. in December 2008.

This naturally begs the question, why did it take so long to discover? I’d be interested to read more on this story as the details emerge.


(Image used under CC from elycefeliz)

UPDATE: Here is more on this story from Channel 9 WCPO

Some Charged More than $1,000

Other customers were hit harder.

* Cynthia Suchoski e-mailed to say ‘there was a charge made yesterday at Macy’s in Costa Mesa, California for $1,300’ on her old National City debit card. She was not in California.
* Jonathan Vasiladis told me his old debit card was hit for $4,000 in bogus charges, many of them happening in England.
* And another, who asked that we not use his name, e-mailed to say his PNC account ‘is more than one $1,000 overdrawn,’ again, after unauthorized charges in California.
* A fourth viewer reports another series of unauthorized charges, supposedly from March of Dimes.

(Via Liquidmatrix Security Digest.)

Shell’s employee database breached: 170,000 records compromised

February 16, 2010

Shell's employee database breached: 170,000 records compromised: “Oil giant Shell was unpleasantly surprised when it received news of a database containing contact information of some 170,000 of their workers having been emailed to seven non-governmental groups and …”

(Via Help Net Security – News.)

French judge issues arrest warrant for cyclist Floyd Landis in alleged hacking incident

February 16, 2010

French judge issues arrest warrant for cyclist Floyd Landis in alleged hacking incident: “

The French national anti-doping lab says its computers were compromised. Landis, who was stripped of his 2006 Tour de France title after failing a drug test, dismisses the idea that he was involved.”

(Via .)

BofA Discloses “Undisclosed” Breach

February 9, 2010

BofA Discloses “Undisclosed” Breach: “

Recently, a friend of mine received a letter from Bank of America informing her that ‘some credit card information on your Bank of America account may have been compromised at an undisclosed third-party location.’

The letter went on to state that BofA had reviewed her account and saw ‘no evidence that your account has been misused in any way. We will continue to monitor activity on your account, and if we detect suspicious transactions, we will notify you.’ BofA also informed her that ‘we will close your existing account and issue you a new account number and credit card(s).’

Imagine if your doctor sent you a letter informing you that ‘you’ve contracted an undisclosed disease from an undisclosed third party. Take these pills and carry on as before. We’ll monitor your symptoms and notify you if you show signs of further infection.’

The underlying subtext here is that a) my friend’s information was probably compromised through a merchant that she has done business with; b) she does not have the right to know who that was; and therefore c) she must continue to do business as usual without the ability to change her behavior based on the fact that the merchant did not safeguard her information appropriately.

BofA referenced a web site where they talk about data compromise:

According to this site, ‘When a data compromise occurs Bank of America is notified by multiple sources, including Visa®, MasterCard®, American Express® and law enforcement agencies when our accounts have been included in a data compromise… Unless the merchant announces the breach to the public, we are unable to provide the name of the merchant or where the data breach has occurred.’

In other words, the credit industry is facilitating willful ignorance in order to protect their fundamentally broken system. If you or I found out where exactly the breach happened, we might not be so inclined to give our credit-card numbers to the end merchant or payment processors involved. Customers are not provided with the information we need to make educated decisions about who we trust with our information.

Truth be told, the fundamental problem isn’t with the end merchants, anyway. The problem is that our financial infrastructure rests on the broken concept that a short string of numbers can be used to move money from one person’s account to another. This string of numbers has to be kept ‘secret,’ but it also has to be given to dozens of people throughout the course of a day in order to conduct routine transactions.

Here’s my favorite section of BofA’s data compromise FAQ:
‘Is it safe to use my new card?
‘We are confident that this was an isolated incident and that the steps we have taken will ensure the continued security of your account. Please continue to use your new account as you normally would.’

Yes… an ‘isolated incident,’ just like the other 285 million records that were compromised last year. Take these pills and carry on.

Sherri Davidoff
PGP-signed text: 2010-01-24 (current)

(Via philosecurity.)

Data breaches: The insanity continues

January 11, 2010

Data breaches: The insanity continues: “In 2009, the Identity Theft Resource Center recorded 498 breaches, fewer than the 657 in 2008 and more than the 446 in 2007.

Are data breaches increasing or decreasing? That is the question no one can …”

(Via Help Net Security – News.)

Target Among Firms Hit by Gonzalez

December 30, 2009

Target Among Firms Hit by Gonzalez: “A Reuters newswire article, via, reports that:

Target said it was among the victims of computer hacker Albert Gonzalez, mastermind of the biggest identity theft in U.S. history.

The 28-year-old college dropout pleaded guilty on Tuesday to charges that he stole more than 170 million payment card numbers by breaking into corporate computer systems from businesses including Target.

Gonzalez, under the plea agreement, faces 17 years to 25 years in prison when he is sentenced in March.

Target spokeswoman Amy Reilly said her company was among the victims, having had an ‘extremely limited’ number of payment card numbers stolen by Gonzalez about two years ago.

She declined to say how many card numbers had been stolen, and described the term of the exposure as brief.


(Via Fergie’s Tech Blog.)