Entries in Hack (8)


Are You Safe from Growing Number of Cyber Attacks?

Jupiterimages/Thinkstock(NEW YORK) -- The websites of Sega, Sony, Citibank, and the U.S. Senate have all been hit by hackers.

In Sega's case, the firm said over the weekend that the attackers got access to account information for 1.3 million users.  And that wasn't even unusual.

Somewhere out there are loosely-organized shadow groups -- there's one that calls itself Anonymous, another that registered a website in the Bahamas under the name Lulz Security -- trying to take credit for some of the more public attacks.

Security consultants said you're probably safe if you take precautions -- such as deleting emails from strangers and changing your passwords regularly.  Most firms that handle sensitive data, such as credit card numbers, try to stay a step ahead of the intruders.  But it's full-time work.

Hacking -- once seen as the pastime of geeky teenagers who didn't have better things to do with their technological skills -- has apparently ballooned in just the last few months.  Google's Gmail service was attacked from somewhere in China, and there have been debates over whether cyber attacks from other countries qualify as acts of war.

"It feels to me like there are definitely more hacks taking place," said Graham Cluley, who analyzes online trends for the computer-security firm Sophos.  In an email to ABC News, he broke the attackers into three types:

-- "Hacktivists: They may be doing it for laughs, or believe they are making a political point, but they don't have a financial motive," Cluley said.

-- Genuine criminals:  Cluley called them "your regular identity thieves -- interested in stealing identities, credit card detail, because of the money that can be made out of them."

-- Infiltrators: "These are the hackers who appear to be hacking organizations and government bodies with the intention of stealing sensitive information with -- perhaps -- military or economic motivation," said Cluley. 

He cited attacks on U.S. military contractors, such as an internal network at the aerospace giant Lockheed Martin as a recent example.

Cluley said one likely increase was in the number of organizations admitting they'd been hacked.  The number of attacks is tremendous, he said, though most are unsuccessful or, in many cases, merely annoying.

Copyright 2011 ABC News Radio


Citibank Breach: Six Tips to Bank Online Safely

Hemera Technologies/Thinkstock(NEW YORK) -- Citibank acknowledged that a data security breach has exposed information on about 210,000 of its bankcard customers.  While these data breaches seem to be growing more commonplace, experts offer tips to make online banking more secure.

Citi's incident, one of the first known hacking cases at a bank, compromised data including credit card account numbers, names and contact information like email addresses.  There have been several other public hacking announcements this year from Sony, Lockheed Martin, and Michael's Stores, leaving consumers feeling overwhelmed by security concerns.

Adam Levin, co-founder of and former director of the New Jersey Division of Consumer Affairs, said it is best for consumers to carry the mindset that there will be more data breaches in the future.

"The level of sophistication of hacking has grown exponentially," Levin said.  "And the bad guys are ahead of the good guys."

Avivah Litan, security analyst with technology research and advisory firm Gartner, said that for both online banking and online credit card management, consumers have "very good protection" under a rule set forth by the Federal Reserve called Regulation E that limits consumer liability for unauthorized card usage.  Though consumers may experience an inconvenience, they will almost always recover financially, she said.

Large businesses usually can afford security protection for their banking.  But Litan said online banking for small businesses is "very risky" because Regulation E does not apply to businesses.

To limit the exposure of you or your business in online banking, here are some tips from some security experts:

1. Never accept incoming communications purporting to be from financial institutions you do business with, whether by email or phone call.

"Call them back using only the phone numbers published on your cards or statements," Richard Wang, manager of SophosLabs US, said.

2. Update your security software on your computer.

"Make sure it's malware protection and have the most sophisticated firewalls and anti-intrusion software," Levin said.  "Those start screaming at you anytime you're even near something that has a worm on it."

3. Check the security of your mobile device and your mobile banking apps.

Mobile banking and payments are becoming more common, which means hackers may pay more attention in that marketplace also.

Andrew Hoog, chief investigative officer of viaForensics, a digital forensics and security company, found three unencrypted (i.e., less secure) passwords in apps for Foursquare, LinkedIn and Netflix on the Android in a recent round of app security testing.  Citibank received a "pass" rating for its app.

4. When logging in to perform online transactions, always enter the website address directly in your browser.

Never click links that claim to take you to banking sites.

5. Use strong passwords and don't reuse your bank password elsewhere.

Use two factor authentication if your bank offers it, such as confirmation numbers by text message to your phone, Wang said.

Levin adds that you should even have unusual answers to additional security questions.

"If they ask for your mother's maiden name, say 'superwoman,' or something outrageous that you would only know," Levin said.

6. Be active in monitoring your financial accounts.

Levin said he does not believe eliminating your online accounts is the answer because they can be the best tools to monitor your financial activity in real time.  He suggests you monitor your online accounts at least once a day.

Copyright 2011 ABC News Radio


Group Claims It Hacked Sony Website, Stole Customer Information

AFP/AFP/Getty Images(TOKYO) -- Sony has been hacked yet again.

This time, a hacker group known as "Lulzsec" claims it has stolen the personal information of more than one million people from the Sony Pictures Entertainment website.  The group says it obtained passwords, email addresses and birthdates of customers in the U.S. and posted the information on their website.

The hackers say the breach was easy because none of the data was encrypted.

This latest attack comes after a separate security breach exposed the personal information of 100 million PlayStation network users in April.

Copyright 2011 ABC News Radio


Hackers Target Lockheed Martin

Stockbyte/Martin Poole(BETHESDA, Md.) -- Global security company Lockheed Martin said its information system network was the target of a “significant and tenacious attack” on May 21.

The company issued a news release on Saturday saying that the attack was picked up by Lockheed Martin’s information security team “almost immediately,” and that its personnel took swift and deliberate action to protect the company’s systems and data.

This aggressive action, has allowed the company’s systems to remain secure, and no customer, program or employee personal data was compromised in the hack attack, say company officials.

Lockheed Martin is a global security firm that specializes in research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services, according to the company’s website.

Copyright 2011 ABC News Radio


Hackers Find Another Security Hole in Sony's PlayStation Network

Stockbyte/Thinkstock(TOKYO) -- Just a few days after Sony began restoring the PlayStation Network because of a massive worldwide security breach, the company learned of a new security hole Wednesday.

As a result, Sony was forced to temporarily take down a Web page where users could reset passwords for their PlayStation accounts, the result of the first security breach discovered about four weeks ago.

Initially, Sony said birth dates, email addresses and perhaps credit card information were compromised because of the hacking of its PlayStation Network, which affected over 100 million users.

Things appeared to get back to normal a few days ago until the new security hole was discovered that could once again enable hackers to get a hold of accounts.

As of late Wednesday, the password reset page remained down, although Sony insisted that the security hole was fixed.

Copyright 2011 ABC News Radio


Sony Apologizes for PlayStation Security Breach

Stockbyte/Thinkstock(NEW YORK) -- Sony executives are apologizing for last week's PlayStation security breach. Over the weekend, they admitted that they still don't know who's to blame. Personal data of 77 million people was compromised. In an effort to make it up to their customers, Sony will be offering 30 days of free service.

The PlayStation breach is just the latest hack attack on a company's customer data, but online customers are still entering more private info than ever. Experts say that means there's little incentive for companies to improve their computer security.

Copyright 2011 ABC News Radio


Sony Playstation Data Breach Exposes Info of 77 Million Users

Jupiterimages/Brand X Pictures(LOS ANGELES) -- Sony’s online PlayStation Network -- which allows gamers to play video games online and access streaming movies using its popular gaming consoles -- has been breached by hackers, according to the company.

The company says the data of some 77 million customers -- including names, addresses, birthdays, passwords and log-in names -- was accessed by an unauthorized person between April 17 and April 19.  Sony says it doesn’t have evidence that credit card data was hacked, but says it "cannot rule out the possibility."

“For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information,” the company said in a blog post.   “Sony will not contact you in any way, including by email, asking for your credit card number, Social Security number or other personally identifiable information.”

Sony further advised customers to "remain vigilant, to review your account statements and to monitor your credit reports."

Copyright 2011 ABC News Radio


Hackers Expose Millions of Email Addresses

Tasos Katopodis/Getty Images(DALLAS) -- If you're a customer of Walmart, Best Buy, Citigroup or one of several other major U.S. companies, you might want to put your email inbox on high alert.

Over the weekend, those retailers were the latest on a growing list of big-name businesses to warn customers that computer hackers may have accessed their email addresses and names. All of the companies work with the Dallas-based online marketing firm Epsilon, which said Friday its system had been breached, potentially exposing its corporate clients' customer information.

When reached by ABC News, a spokeswoman said she was unable to comment as the company conducts an investigation and cooperates with authorities. But in its statement, Epsilon, which sends 40 billion emails annually on behalf of more than 2,500 clients, said a subset of its' clients customer information was compromised in the data breach.

"The information that was obtained was limited to email addresses and/or customer names only," the company said. "A rigorous assessment determined that no other personal identifiable information associated with those names was at risk."

J.P. Morgan, Kroger's, Walgreens, Capital One Financial, Barclay's Bank, The College Board and TiVo are among the companies to acknowledge that their customers' data may have been accessed by hackers.

While security experts say hackers are usually interested in more sensitive data than people's names and email addresses, they still warn that affected customers should be extra careful with their email. Customers with compromised email accounts could expect a surge in annoying spam to their inbox, he said, but the hack could have more insidious effects, too.

"The biggest danger here really is that spammers could then target you with email pretending to come from these organizations," Cluley said. "You might get fooled into being phished for your log-in information or being sent malware or a dangerous Web link."

Copyright 2011 ABC News Radio

ABC News Radio