Entries in Hacking (21)

Sunday, Jul 07, 2013

Financial Advice Company Morningstar Announces It Was Hacked

(NEW YORK) -- The investment research provider Morningstar announced it discovered a cyber-break-in that may have compromised email addresses, passwords, and credit card numbers of nearly 200,000 clients.

According to the company, the security breach took place in early April, though it has only just now made it public. Some clients' info was stored in the targeted Morningstar Document Research system, and there is a possibility that hackers have been able to use it.

Morningstar has notified federal regulators and sent notices to clients instructing them to reset their passwords. They are offering a year of free identity protection to clients whose information was compromised.

Copyright 2013 ABC News Radio

Wednesday, Mar 13, 2013

Chase Website Goes Down After Apparent Cyber Attack

(NEW YORK) -- Chase apologized on Wednesday to its online banking customers who had a hard time logging onto the bank's website the day before.

For hours on Tuesday, if you tried to log onto the site, you were met with this message: "Our website is temporarily down, but our branches and Mobile Apps are available. Please try again later."

The bank tweeted to customers, "*ALERT* Chase Online is experiencing intermittent issues. We are working to resolve and will keep you updated."

Chase later confirmed to ABC News that it was the victim of a cyber attack called a denial of service (DoS). The site has since been restored.

"*UPDATE* http://Chase.com  & JPMorgan Online are back up. We're sorry it was such a rough day and we really appreciate your patience," @ChaseSupport tweeted early Wednesday morning.

Copyright 2013 ABC News Radio

Thursday, Feb 21, 2013

Rising Computer Hack Attacks Prompt Concern

(NEW YORK) -- A string of hacking attacks at high-profile U.S. companies has security experts and officials worried that the hackers are using information gained to plan even more sophisticated attacks.

Facebook announced it “was targeted in a sophisticated” attack last month, beginning a spate of high-profile hackings.  The Twitter accounts of Burger King and Jeep were taken over by hackers earlier this week, just weeks after the site announced 250,000 user passwords had been compromised in an attack.

And on Tuesday, Apple confirmed the same hackers who went after Facebook had accessed a small number of Apple employees’ Macintosh computers.

The Apple, Facebook and Twitter attacks could be related to an Eastern Europe operation, according to multiple reports.

“That part of the world is without a doubt the most prolific and advanced center for criminal hacking on the planet,” said Robert Siciliano, a McAfee online security expert.

The social media hacks are separate from the alleged Chinese cyber espionage attacks detailed in a report released by Mandiant, a Virginia-based cyber security firm.

While there is a lot to sort out, here is what we know:

Apple and Facebook


No data was stolen in the Apple and Facebook hackings, according to both companies.  Security experts told ABC News that the only information likely compromised was on the personal computers of those employees whose machines were infected.

Both attacks used a vulnerability in Java, the software used to show much of the content on Web browsers.  Because of that vulnerability, the Department of Homeland Security released a statement last month urging computer users to disable the software in browsers.

Apple said that its operating systems do not ship with Java installed.  If a user installs Java, Apple’s software will automatically disable it if it has been unused for 35 days.  Apple will also be releasing a new update that will help against Java threats.

Twitter

Twitter announced on Feb. 1 that 250,000 user passwords had been compromised, and said it had taken swift action, requiring a password reset before any hacked handle can be accessed again.

The breach was reportedly Twitter’s largest data compromise to date, though the number of affected Twitter handles accounted for less than 0.125 percent of the service’s 200 million active tweeters.

In a separate incident, the Burger King Twitter account @BurgerKing was hacked on Monday, with the logo, name and background page changed to McDonald’s.

The hacker posted tweets that Burger King had been sold to McDonald’s and the account had been taken over by McDonald’s employees.

On Tuesday, Jeep became the second brand name to fall victim to a hacker, with a prankster taking over the account and suggesting the car company had been purchased by Cadillac.

Some unconfirmed reports suggested the Burger King hack had been perpetrated by the hacking group known as Anonymous.

Twitter is reportedly considering two-factor authentication to help prevent hacks like those of the Burger King and Jeep accounts.

China


A report released by Mandiant, a Virginia-based cyber security firm, alleges a specific Chinese military unit is likely behind a cyber attack campaign that has stolen “hundreds of terabytes of data from at least 141 organizations” since 2006, including 115 targets in the U.S.

Mandiant’s report was released a week after President Obama said in his State of the Union address that America must “face the rapidly growing threat from cyber attack.”

Protecting Online Privacy


Obama pushed cyber security to the forefront last week, signing an executive order that will allow government agencies to work with private companies to tackle cyber threats.

Industries based in the U.S. will be asked to create voluntary standards for protecting information, while the federal government will commit to sharing cyber threat data with companies.

After the spate of hackings, Siciliano says personal users should be concerned and take precautions.

“When you have criminal hackers going after public-facing, consumer-oriented companies, the end game is to hack the public,” he said.

Copyright 2013 ABC News Radio

Tuesday, Feb 05, 2013

Scammers Hacking Victims' Computers by Calling on the Phone

(NEW YORK) -- Con artists are using old-fashioned technology to gain access to consumers' newfangled technology.

Here's how it works: A crook calls you on the phone, poses as a technician from a big company like Microsoft, and claims he's detected a virus on your computer.  The crook then asks for access to your computer in order to "help" you.

From there, the scheme can devolve into several different money-making ploys, according to the Federal Trade Commission.  The con artist may:

  • Ask for remote access to your computer and then change your settings in a way that makes your computer -- or the information on it -- vulnerable.
  • Enroll you in an expensive -- but worthless -- computer security, maintenance or warranty program.
  • Trick you into installing malware that then snags your private information, like passwords or financial details.
  • Ask for your credit card information and steal it or use it to bill you for fake services or services that are readily available for free.

As ABC News' consumer correspondent Elisabeth Leamy points out, this is where her oldest and best advice -- "be the hunter, not the hunted" -- comes into play.  In other words, learn to be skeptical of any stranger who comes at you claiming urgency and demanding money.

Instead, take the time to do your own search, says Leamy.  Find a published help line number for your hardware or software manufacturer or Internet service provider and dial it yourself.  Don't rely on any phone number or website the caller provides, as it may be a fake.

And be careful where you look up the contact information you need, Leamy advises.  A large company's home page is a good place to start.  An online ad is not so reliable, because the FTC says con artists have begun boldly placing ads containing false information in order to build an aura of realism around themselves.

If you have already fallen victim to one of these schemes, follow these steps:

  • Use legitimate security software to run a scan and see if there is malware or virus activity on your computer.
  • If you gave the caller any passwords, change them for the account in question and any other accounts for which you use the same passwords.
  • If the caller charged bogus services to your credit card, call the card company and insist that those charges be reversed.
  • If you think personal financial information may have been stolen, order your free credit reports at www.annualcreditreport.com, created by the Fair Credit Reporting Act, and check for suspicious activity.
  • If you verify that you are a victim of identity theft, the Federal Trade Commission has an entire website to guide you through fighting back.

Copyright 2013 ABC News Radio

Wednesday, Jan 09, 2013

Iran Behind Hacking of Banking Sites?

(NEW YORK) -- Recent hits on dozens of online banking sites may be the work of government-backed hackers in Iran, according to U.S. security officials.

Since last September, hackers have caused slowdowns and other disruptions to widely used banking sites. Citigroup, Wells Fargo, Capital One, HSBC and Bank of America are among the sites that were hit.

According to The New York Times, "the skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States."

Copyright 2013 ABC News Radio

Wednesday, Sep 26, 2012

Consumerist Website: Was It Hacked?

(NEW YORK) -- The consumer advocacy website Consumerist, which has been down nearly a week, had a spotty return Wednesday afternoon using the online publishing platform WordPress and alternate content.

Owned by the non-profit group Consumers Union, publisher of the venerable consumer testing site Consumer Reports, Consumerist publishes stories about consumer customer service issues and news.

The site normally requires users to register with an email address and password to comment on stories. However, the commenting functionality was temporarily disabled on an alternate version of the website posted Wednesday via its new hosting provider while Consumerist investigated its problems, a spokesman said.

On the new Consumerist site, a Q&A called “What’s Up With Consumerist?” said that the site “received reports that some of our pages had been altered to begin redirecting our traffic to spam websites. We took down [sic] as quickly as possible and began investigating.”

Consumerist was investigating whether it had been hacked and will publish its findings on the site and notify users via email.

“The passwords are secured in accordance with industry best practices,” the Q&A said. “They are salted and hashed. As a matter of prudence and good practice we always recommend that you do not use the same password at more than one site, including Consumerist.”

Over the summer, Consumerist notified registered users that it had two “security issues.”

“We do not yet know for sure whether any user names, email addresses, or passwords were compromised; all password files were encrypted,” the site said at the time.

Michael Schreiber, editor-in-chief of the money and security site Credit.com, said it was “strange” that Consumerist may have been targeted because it is a site devoted to consumer financial protection.

“They have a long history advocating for the little guy,” he said.

Copyright 2012 ABC News Radio

Wednesday, Jun 06, 2012

LinkedIn Hacked: 6.4 Million Passwords Reportedly Stolen

UPDATE: LinkedIn said a number of its users' accounts were compromised in a security breach, posting on the site's blog Wednesday, "We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts."

(NEW YORK) -- The social networking website LinkedIn is investigating claims that more than 6 million passwords were stolen and uploaded to a Russian-language web forum Wednesday.

Reports of the hacking first appeared on Russian-language websites and were confirmed by security firms, which reported that a user in a Russian-language forum posted the passwords Wednesday.

A Twitter account run by LinkedIn announced Wednesday morning that the company "continues to investigate" but was still unable to confirm whether any security breach occurred.

Graham Cluley, a security expert working at the British firm Sophos, said in a blog post that although the passwords are not correlated to user names, "it is reasonable to assume that such information may be in the hands of the criminals." Cluley said that the security firm had confirmed that the file uploaded to the Russian forum did contain the LinkedIn passwords, despite the company's hesitation to confirm it.

Users who fear that their passwords may have been stolen can change their passwords on the website by clicking on their names in the upper right corner of the website's homepage, and then clicking on Settings and choosing the "Change" link next to password.

Cluley also recommended changing passwords at other sites where users may have used the same password.

Copyright 2012 ABC News Radio

Monday, Dec 26, 2011

Hacking Group 'Anonymous' Takes First Step in 'Master Plan'

(AUSTIN, Texas) -- The global activist hacking group Anonymous claims to have obtained thousands of credit card numbers and personal information from the high-profile clients of a leading security think tank, all in the name of charity.

Up to a total of $1 million was reportedly stolen from Stratfor, in Austin, Texas, a leading provider of military, economic and political analysis for clients that include Apple and the U.S. Air Force.

Anonymous, an online community with no hierarchical organization, has been working with the hacking group Lulzsec on a series of hacking attacks it calls Operation Anti-Security, or Operation AntiSec. The operation began in June 2011, with an attack on the Serious Organized Crime Agency, the U.K.'s national law enforcement agency. Since then, attacks have targeted the governments of Brazil, Tunisia and Zimbabwe, NATO, various U.S. law enforcement websites and Fox News.

Anonymous promised that the attack on Stratfor was just the beginning of an assault on a long list of targets.

"#Antisec has enough targets lined up to extend the fun fun fun of #LulzXmas throughout the entire next week," @AnonymousIRC tweeted.

In a statement released Monday, Anonymous said, "Tomorrow, we will be dropping another enormous dump on our next target: the entire customer database from an online military and law enforcement supply store."

The group said Stratfor was "clueless ... when it comes to database security," noting that many passwords were merely the company's name. Stratfor's website is currently shut down, with the message, "Site is currently undergoing maintenance."

The company did not immediately return a call to ABC News, but did recognize the attack on Facebook and warned its clients against publicly supporting the company: "It's come to our attention that our members who are speaking out in support of us on Facebook may be being targeted for doing so and are at risk of having sensitive information repeatedly published on other websites."

Anonymous claims it isn't hurting people but rather donating the stolen money to various charities, like a modern day Robin Hood. Receipts the group posted show donations to the Red Cross and Save the Children Foundation.

Anonymous has made headlines the world over for a string of high-profile hacks the group claims to have carried out, including allegedly hitting the websites for PayPal, Visa and MasterCard, to name a few.

Copyright 2011 ABC News Radio

Sunday, Dec 25, 2011

Hackers Target US Intelligence Think Tank

(WASHINGTON) -- The hacking group Anonymous claims it has stolen a collection of emails and credit card data from security think tank Stratfor.

Stratfor’s website says that it “is currently undergoing maintenance,” and to “Please check back soon.”

The company said the names of some of its corporate subscribers may have been shared.

On Twitter, the hacking group posted a link to what it said was a list of Stratfor’s clients; the list included the U.S. Army, Air Force, investment firm Goldman Sachs and financial firm MF Global.

Copyright 2011 ABC News Radio

Wednesday, Dec 21, 2011

Report: Chinese Hackers Breached US Chamber of Commerce's Servers

(WASHINGTON) -- It would appear that the U.S. Chamber of Commerce has more to worry about than the current state of the economy and its constant battles with the Obama administration.

The Wall Street Journal reported Wednesday morning that Chinese hackers managed to finagle their way into the Chamber’s computer servers and compromised the sensitive information of three million of its members, virtually gaining access to everything stored on the systems.

The hackers took about six weeks’ worth of emails from four employees working on Asian policy, according to the Journal, before the operation was shut down in May 2010.

Two people familiar with the top business-lobbying group’s internal probe say the Chinese hackers might have had free rein of the Chamber’s computer servers for up to a year before the FBI informed officials about the breach.

One of the suspected culprits is believed to be linked to the Chinese government, the Journal said.

Meanwhile, Geng Shuang, spokesman for the Chinese Embassy in Washington, denied that China was behind the hacking scheme, saying that its accusers “lack proof and evidence.”  Shuang claimed that cyber attackers are outlawed in his country and that China has also been a victim.

Since the breach, the Chamber of Commerce has bolstered its detection equipment and forbids employees from taking portable devices to certain countries, including China.

Copyright 2011 ABC News Radio






