Entries in Hackers (25)


Facebook Hacked, Says No User Data Compromised

(NEW YORK) -- Facebook has revealed that it was "targeted in a sophisticated attack" by hackers last month -- this not long after Twitter and The New York Times reported that hackers got into their computers.

Facebook does not say specifically when the attack happened, but it does assure users in a blog post that it has found "no evidence that Facebook user data was compromised." That means that Facebook does not believe that usernames or passwords from the site were obtained by the hackers. Facebook does not reveal, however, what the attackers were able to see.

When reached by ABC News, Facebook declined to comment on who it believes was responsible for the attack.

Facebook's security team has traced the attack to a website that was visited by Facebook employees. The website installed malware on the employees' laptops, even though they were protected by anti-virus software.

"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," Facebook says in its blog post.

Given that the attack came through employee laptops, it is possible that the information compromised was simply what was on their personal computers.

Facebook says the compromise began with a vulnerability in Java, the software used to show much of the content on Web browsers. As a result, the Department of Homeland Security last month urged computer users to disable the software in browsers.

Facebook's announcement comes after Twitter's announcement on Feb. 1 that 250,000 accounts were compromised in an attack. Twitter required affected users to reset their passwords. The New York Times and the Wall Street Journal's computer systems were infiltrated by Chinese hackers in late January.

Although Facebook user data seems to be safe at this point, this is a good time to make sure you are following basic online safety tips -- reset your passwords regularly, keep your anti-virus software up to date, and stay away from websites that seem questionable.

Copyright 2013 ABC News Radio


NSA Director on Cyberattacks: ‘Everybody’s Getting Hit’

(WASHINGTON) -- Gen. Keith Alexander, the commander of U.S. Cyber Command and director of the National Security Agency, Wednesday bluntly addressed widespread cyberattacks hitting major corporations and the damaging loss of intellectual property being harvested from their computer networks.

“From my perspective, this is huge,” Alexander said at a symposium sponsored by the computer security firm Symantec. “When we look out there – the companies that have been hit – you look across the board: Everybody’s getting hit.

“In 2012, just some of them — Nissan, MasterCard and Visa -- that should make all of us concerned,” Alexander said. “[In] 2011, RSA, COMODO, Epsilon, L-3, Sony, Citi, Lockheed Martin, Northrop Grumman, Google, Booz Allen, DigiNotar, Mitsubishi, Sony, Adidas – I had to bring that one in for our allies -- Stratfor, Visa, [US] Chamber of Commerce.

“We see the biggest amount of theft going to intellectual property for most of these companies,” he added. “And when you look at it, the theft that’s going on hits in two directions, either directly hitting the company that they’re trying to steal the information from, or they’re stealing the certificates and keys to get into that company to steal the intellectual property. Either way, they’re getting it.”

According to U.S. intelligence officials, in 2009 U.S. companies suffered losses of about $50 billion from their research and development efforts.

Alexander addressed a series of disruptive “denial of service” attacks on Wall Street and U.S. banks that have been going on since September. During a denial of service attack, computer systems are intentionally overloaded and become unable to function properly, often crashing a website or slowing it to a crawl.

He also mentioned a cyber attack against a Saudi oil company, Saudi Aramco, that resulted in vast amounts of company documents and emails being digitally vaporized by a malicious computer virus.

“What we have is a huge concern: theft by crime, theft of intellectual property, and now disruption, destruction coming on these networks. And we’ve got to address that,” Alexander said.

The destruction of data could have massive implications for financial institutions and global stock markets, according to security officials. In 2008, then-Director of National Intelligence Mike McConnell warned Congress about the threat in congressional testimony.

“Our experience to note that when people break into a network, they’re often there for six to nine months before we detect them,” Alexander told the conference. “Six to nine months, you’re allowed to roam freely about that network. You own it. You can take all the intellectual property you want.”

Ironically, as Alexander was addressing the Symantec Government Symposium, there were reports circulating that a hacking group called Hack the Planet had allegedly hacked into Symantec’s network and compromised a database of more than 3,000 Symantec employee e-mail addresses and passwords.

Symantec, in a prepared statement, said it was aware of the claim.

“We take each and every claim very seriously and have a process in place for investigating each incident,” it said. “Our first priority is to make sure that any customer information remains protected.  We are investigating these claims and have no further information to provide at this time.”

Describing the Internet traffic and infrastructure that creates the cyber domain, Alexander addressed privacy concerns as he advocated a way for the private sector and the government to come together to work on cybersecurity issues.

“The government is not looking at the traffic; industry’s looking at the traffic, and they have to do that to own and operate these networks. We’re going to help them with signatures and other things,” Alexander said, addressing the issue of identifying when companies have become vulnerable. “They need to tell us when they need our help. But it’s got to be done in time for us to help.”

Following Congress’ failure to pass cybersecurity legislation this year, according to federal officials, a draft executive order being circulated by the White House would allow intelligence agencies, including the NSA, DHS and the FBI, to share information about cyber threats with critical infrastructure entities such as water plants, the energy sector and financial institutions.

In his remarks Wednesday, Alexander also addressed the need for education of the public on issues relating to cybersecurity.

“Most of the people do not technically understand the network and what we’re talking about,” he said. “And so there’s a lot of paranoia out there. You know, we have to help them understand – everyone understand in the United States and our allies – actually what we mean by operating in cyberspace a secure area where we protect our civil liberties and privacy. We can do both.”

Copyright 2012 ABC News Radio


Hackers, Possibly from Middle East, Block US Banks' Websites

(NEW YORK) -- The financial and banking industries are on high alert Thursday night as a massive cyberattack continues, with potentially millions of customers of Bank of America, PNC and Wells Fargo finding themselves blocked from banking online.

"There is an elevated level of threat," said Doug Johnson, a vice president and senior adviser of the American Bankers Association. "The threat level is now high."

"This is twice as large as any flood we have ever seen," said Dick Clarke, an ABC News consultant and former cybersecurity czar.

Sources told ABC News that the so-called denial of service attacks had been caused by hackers from the Middle East who had secretly transmitted signals commandeering thousands of computers worldwide.

Those computers -- or "zombies" -- were then used to overwhelm bank websites with a barrage of electronic traffic.

Different banks have been targeted on different days.

Thursday was PNC Bank's turn: For three hours, ABC News tried to get on the PNC website to no avail.

On Facebook, a frustrated customer, Cynthia Schirm, wrote, "Trying to pay bills. This is ridiculous."

"Hopefully it can be up soon," wrote Stacy Briggs-Gerlach. "Never realized how dependent I am on it!!!"

A group of hackers calling themselves Izz ad-Din al-Qassam warned the financial industry that it was going to attack in retaliation for the controversial film "The Innocence of Muslims," which provoked outrage across the Muslim world earlier this month.

The U.S. said it suspected that hackers in Iran were also involved.

"This is the first time that we know about, where a Middle Eastern entity, perhaps a Middle Eastern government, has attacked websites, critical infrastructure, in the United States," Clarke said.

Even though hackers have not been able to steal any money during these attacks, authorities say they fear the next generation of widescale cyber assaults could be more devastating.

"If they get inside the banks, they can move money around and cause financial chaos," Clarke said.

ABC News obtained a Sept. 17 FBI alert warning that foreign hackers were targeting bank and credit union workers.

In a number of those cases, the hackers stole employee login credentials and then wired themselves between $400,000 and $900,000.

Sources told ABC News that the U.S. government was actively working to locate and disrupt the massive attacks.

Copyright 2012 ABC News Radio


Consumerist Website: Was It Hacked?

(NEW YORK) -- The consumer advocacy website Consumerist, which has been down nearly a week, had a spotty return Wednesday afternoon using the online publishing platform WordPress and alternate content.

Owned by the non-profit group Consumers Union, publisher of the venerable consumer testing site Consumer Reports, Consumerist publishes stories about consumer customer service issues and news.

The site normally requires users to register with an email address and password to comment on stories. However, the commenting functionality was temporarily disabled on an alternate version of the website posted Wednesday via its new hosting provider while Consumerist investigated its problems, a spokesman said.

On the new Consumerist site, a Q&A called “What’s Up With Consumerist?” said that the site “received reports that some of our pages had been altered to begin redirecting our traffic to spam websites. We took down [sic] as quickly as possible and began investigating.”

Consumerist was investigating whether it had been hacked and would publish its findings on the site and notify users via email.

“The passwords are secured in accordance with industry best practices,” the Q&A said. “They are salted and hashed. As a matter of prudence and good practice we always recommend that you do not use the same password at more than one site, including Consumerist.”

Over the summer, Consumerist notified registered users that it had two “security issues.”

“We do not yet know for sure whether any user names, email addresses, or passwords were compromised; all password files were encrypted,” the site said at the time.

Michael Schreiber, editor-in-chief of the money and security site, said it was “strange” that Consumerist may have been targeted because it is a site devoted to consumer financial protection.

“They have a long history advocating for the little guy,” he said.

Copyright 2012 ABC News Radio


eHarmony Passwords Stolen by LinkedIn Hackers

(NEW YORK) -- The same hackers responsible for the theft of over 6.4 million LinkedIn passwords also acquired passwords from the popular dating site eHarmony.

“After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,” eHarmony’s Becky Teroka wrote on the company blog Wednesday evening.  

According to the Los Angeles Times, 1.5 million passwords were stolen. That’s significantly fewer than the 6.4 million LinkedIn passwords, but still a considerable share of eHarmony’s 20 million users.

The Russian hacker responsible uploaded the encrypted passwords to a Russian-language website forum.  Many of them have been cracked, and while the usernames are not posted, security experts believe the hackers are in possession of that information as well.

Similar to LinkedIn, eHarmony has reset the passwords for those with compromised accounts.  If you’re such a user, you will be prompted to change your password next time you attempt to log in to the site.

Even so, if you’re a LinkedIn or eHarmony user, you should change your password. Additionally, if you have used that password on other sites or services, you should change it on those sites as well.

Copyright 2012 ABC News Radio


Information from 24 Million Zappos Users Compromised by Hackers

(LAS VEGAS) -- The online shoe company Zappos admitted Sunday that hackers had broken into its computer system and stolen customer data.

Zappos said the hackers did not get full credit card numbers; instead they stole things like billing addresses and the last four digits of credit card numbers.

The company sent out a mass e-mail urging customers to change their log-in passwords as soon as possible.

"There may have been illegal and unauthorized access to some of your customer account information," the e-mail read, "including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)."

Copyright 2012 ABC News Radio


Report: Chinese Hackers Breached US Chamber of Commerce's Servers

(WASHINGTON) -- It would appear that the U.S. Chamber of Commerce has more to worry about than the current state of the economy and its constant battles with the Obama administration.

The Wall Street Journal reported Wednesday morning that Chinese hackers managed to finagle their way into the Chamber’s computer servers and compromised the sensitive information of three million of its members, virtually gaining access to everything stored on the systems.

The hackers took about six weeks’ worth of emails from four employees working on Asian policy, according to the Journal, before the operation was shut down in May 2010.

Two people familiar with the top business-lobbying group’s internal probe say the Chinese hackers might have had free rein of the Chamber’s computer servers for up to a year before the FBI informed officials about the breach.

One of the suspected culprits is believed to be linked to the Chinese government, the Journal said.

Meanwhile, Geng Shuang, spokesman for the Chinese Embassy in Washington, denied that China was behind the hacking scheme, saying that its accusers “lack proof and evidence.”  Shuang claimed that cyber attackers are outlawed in his country and that China has also been a victim.

Since the breach, the Chamber of Commerce has bolstered its detection equipment and forbids employees from taking portable devices to certain countries, including China.

Copyright 2011 ABC News Radio


Facebook Spam Attack: Graphic Pics Plague Profiles

(NEW YORK) -- Facebook is in the midst of one of its worst security breaches to date.

A few days ago, the social network was hit with a widespread spam attack that's leaving explicit and disturbing images on users' profile pages.

Explaining how the assault may have started, Lance Ulanoff, the editor-in-chief of, says: "The way it starts is somebody either grabs a link or clicks on a link in Facebook or something connected to Facebook which sort of launches it."

Ulanoff says the hackers' intention is not to rob one's identity, but rather "to disrupt the service and really shake people's trust in Facebook."

Facebook says it's working on identifying who's responsible for the attack and shutting down those accounts.

Copyright 2011 ABC News Radio


Bank of America Site Experiences Delays for Second Straight Day

(CHARLOTTE, N.C.) -- For the second consecutive business day, the Bank of America homepage was down Monday, following spotty service this weekend.

Bank reps insisted that the website was not down because of hackers or malware, but because of traffic.

That server-busting traffic by some of Bank of America's 29 million online customers immediately followed the bank’s announcement of a $5 monthly fee it was imposing for debit card usage.  Time magazine’s blog implied much of that traffic was heading toward the exit, calling the debit card fee a “New-Coke level blunder.”

A Bank of America spokesperson told ABC News on Monday that “Online banking is not down.  Most customers are able to bank.  We have simply taken some proactive measures to manage customer traffic during peak hours during the day, which may result in some customers experiencing slowness or access issues.”

There’s no way to tell how many Bank of America customers are actually closing their accounts, or if that is indeed what’s happening.

Copyright 2011 ABC News Radio


Hackers Post Goldman Sachs CEO Lloyd Blankfein’s Info

(NEW YORK) -- Hackers have posted personal information of Goldman Sachs' CEO Lloyd Blankfein online.

The group, identifying themselves as CabinCr3w, posted Blankfein’s recent addresses, age, litigation involvement, and other non-sensitive information on the website Pastebin. The information can be searched in public documents, but it was nevertheless deleted by Wednesday morning, CNET reported.

The group did not explain why it had targeted Goldman Sachs, one of the most prominent investment banks in the world.  A spokesman for Goldman Sachs declined to comment to ABC News.

Before the incident with Blankfein, CabinCr3w released information about a police officer, Anthony Bologna, who allegedly maced a group of women during the "Occupy Wall Street" protests.

The ongoing demonstration on Wall Street, which began on Sept. 17, has grown to include celebrities such as actress Susan Sarandon and documentary filmmaker Michael Moore.

Hundreds of people first gathered at Bowling Green Park in Manhattan -- home of the iconic charging bull in New York’s Financial District -- to protest "against financial greed and corruption," according to the group's website.

Copyright 2011 ABC News Radio
