Tag Archives: Anonymous

Political hacking to define 2011, McAfee predicts

Security experts at McAfee have stated that the coming year will bring significant problems to those who are charged with protecting data and retaining the integrity of corporate systems, although this time there will be political motivations behind the actions of so-called hacktivists.

In the past cybercriminals have worked purely for financial gain, but since the Wikileaks scandal and the rise of the Anonymous hacktivist group, many public and private sector firms could face disruption which is not founded on traditional goals.

The publication of McAfee’s 2011 Threat Predictions paper brings home warnings about the potential risks facing businesses and organisations who strive for data protection, because attacks will not only come from organised crime groups, but also private citizens who want to leverage the internet to further their political cause.

The proliferation of social networking tools like Twitter is allowing disparate individuals to communicate and organise wider attacks, with big names like Amazon and PayPal both suffering as a result in the final weeks of 2010.

McAfee’s Greg Day spoke to V3.co.uk and explained that 2011 would inevitably see various private companies coming under public scrutiny as a result of their involvement with something like the Wikileaks scandal.

Mr Day is also keen to emphasise that cybercriminals will be very much active in 2011, with new tools of business being leveraged to their advantage. Location-based services which use GPS data generated from mobile devices are thought to be a particular risk, while the exploitation of URL shortening technology will continue to allow the spread of malware via Facebook and Twitter.

Mr Day said that both the criminals and hacktivists would use platforms which have risen in popularity over the past 12 months in order to stay ahead of the game in 2011 and as such security experts have to move with the times and act now in order to ensure protection.

Data loss and security weaknesses relating to social networking are seen as being related hot topics for 2011 and experts urge early preventative action rather than reparative reaction.

Gawker suffers massive data loss and Amazon rebukes DDoS claims

The world of online security has been tumultuous over the last two weeks after the release of diplomatic cables by Wikileaks. Now major sites are coming under attack by hackers, with significant data loss suffered by gossip site Gawker and online retail site Amazon denying that recent downtime was caused by a distributed denial of service (DDoS) attack.

It is known that Amazon was a target of the Anonymous group of pro-Wikileaks hackers, but downtime of the UK and other European iterations of its retail site on Sunday evening, has now been officially put down to a technical fault, rather than the actions of third party groups acting with malicious intent.

Gawker has been the biggest victim in recent days, with 1.3 million of its users having their passwords and login details exposed alongside more than half a million personal email addresses, as the result of a hack.

The Gawker data loss incident is not believed to have any relation to the Wikileaks debate, but it is a serious security breach, since many people use the same email address and password to log into multiple accounts and the exposure of users in this way could leave hundreds of thousands open to further exploitation on unrelated services.

Gawker told its users that they should change their password not only on its site but also on any other service which shared that password, as criminals might now be able to access other accounts linked to individuals.

It said that encryption was present but a brute force attack is likely to have breached its security and compromised one of its servers.

Gawker has expressed its embarrassment at the data breach and the subsequent leaking of millions of passwords.

Social networking site Twitter has become awash with spam from legitimate accounts, after the hackers made passwords available via file sharing services and cybercriminals quickly logged into accounts to spread their malicious links.

The actions of Anonymous and the Gawker hackers have reawakened serious questions about IT security in a corporate environment and shown how easily large entities can be brought to their knees by small groups of dedicated hackers.

Hackers supporting Wikileaks distribute phoney MasterCard details

The deepening conflict between the activists who are hacking various major corporate websites and the authorities has taken a troubling turn, as it was announced that payment card details were stolen and then published.

Over 10,000 users of MasterCard were allegedly affected by the data theft, although the veracity of the published details was quickly denied by a spokesperson for the payment card firm, who claimed that the group of hackers, known by the name Anonymous, had faked the leak in order to stir up trouble and gain publicity for their cause.

While the card details may have been false, the implications are serious and the group has been undeniably successful in its aims of causing widespread problems for corporate entities, through the use of distributed denial-of-service (DDoS) attacks.

MasterCard’s rival payment card firm Visa has also come into the firing line and now the group has set its sights on net transaction site PayPal, because it stopped accepting donations towards whistle-blowing website Wikileaks.

The leaked payment card details included card numbers and expiry dates but among the 10,000 listings there were no cardholder names or personal details.

What gave the leaked data away as fake was the fact that none of the alleged card numbers provided by the hackers began with the number five, which MasterCard spokesperson Chris Montero said was a common feature of all its payment cards.

Security expert, Claire Sellick, said that because attacks against sites linked with the Wikileaks scandal would continue it would be necessary for these major corporate entities to shore up their defences and limit the impact of DDoS.

It is recommended that these firms separate the provision of their internet service amongst multiple firms and harness different telephone exchanges rather than a single local option as this will make it virtually impossible for a focused DDoS attack of the kind that has been experienced in recent weeks.

Many are calling for businesses to limit the spread of private data so that it can be kept secure from prying eyes. It is also held that these first attacks by a collaborative, non-governmental hacking force show that cyber warfare can be a tool for any cause.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal