35m Cyworld, Nate users' information hacked

SK Communications Co. said on Thursday that personal information of its 35 million online users has been hacked, marking South Korea's worst online security breach and sparking fears that the leak could lead to massive online and voice scams in coming weeks.

"The company has confirmed that a leak of customers' information has taken place due to hacking on July 26," SK said in a statement. "The specific scale of the hacking is still being investigated, but it is estimated that some of the personal information of 35 million Nate and Cyworld members have been leaked."

Nate is the country's third-most visited Web search engine and Cyworld is the biggest social networking site with 25 million users, which accounts for half of the South Korean population.

SK Communications, which runs Nate and Cyworld, is a unit of the SK Group whose affiliates include top mobile operator SK Telecom.

Police said they would launch an investigation into the hacking incident at SK. The Cyber Terror Response Center, a police division dealing with crimes in cyberspace, is expected to identify who committed the hacking.

SK Communications said the hacking originated from a malicious code in China, an allegation that has yet to be verified by police investigation.

The hacking of the country's major website comes after a host of Korean online firms suffered from similar cyber attacks amid heightened worries over lack of security protection. A vicious cyber attack paralyzed the computer system of the National Agricultural Cooperative Federation, or Nonghyup, in April and 18 million users of Internet Auction Co., a unit of U.S.-based eBay Inc. had to change their password due to a security breach in 2008.

The latest hacking involves SK users' names, phone numbers, email, resident registration numbers and passwords. SK Communications said the members' password and resident registration numbers are protected through high-level encryption, but plan to set up a hotline for handling the hacking incident to stem secondary damage in the form of voice phishing and spam mail.

As with previous hacking incidents, Cyworld and Nate members are likely to receive more spam messages or fake calls from phishing firms.

SK Communications CEO Joo Hyung-chul issued a formal apology on Thursday: "Concerning this incident, we offer our apology to our customers and have taken all the necessary measures to minimize the impact and identify the cause and retrieve customer information in cooperation with the authorities."

Particularly worrisome is the security breach for Cyworld, the country's most popular social network service, a pioneer that had sparked the boom of photo-sharing among friends and family members. Although Cyworld has seen its popularity decline in the past couple of years, particularly with the introduction of foreign social services such as Twitter and Facebook, the local service still handles a huge amount of data including personal photos, videos and articles generated by its 25 million users.

Nate is a latecomer in the portal service market, but it has risen to rank third here, intensifying its competition with its bigger rivals Naver and Daum. The hacking of Cyworld and Nate, considering the size of the subscriber base at both services and their close integration with mobile phone services of SK Telecom, is expected to have a strong impact on the companies involved.

Shares of SK Communications, listed on the tech-heavy KOSDAQ stock market, plunged 5.95 percent to 17,400 won. Its sister firm SK Telecom saw its share price drop 2.64 percent to close at 147,500 won.

Read More

Cyber-attack alert for National Broadbank Network

THE high speed and wide reach of the National Broadband Network make it an ideal environment for cyber crime, prompting calls for NBN Co to step up and lead a debate about the security of the $36 billion network.

Security arrangements were brought into focus yesterday with the arrest of David Cecil, whom federal police allege hacked into internet company Platform Networks, one of 13 internet providers offering services under the NBN.

While NBN Co itself was not breached in the alleged cyber attack, security experts say the high speeds and wide reach of the fibre network make it a "force multiplier", allowing much quicker dissemination of viruses and "botnet" attacks, where cyber criminals control infected computers.

Graham Ingram, the general manager of the Australian Computer Security Response Team, said: "Everything bad you can do online you can do much better and faster with a high-speed network."

Mr Ingram said NBN Co was under pressure to roll out the network quickly: "I have no doubt NBN Co has been balancing the need to deploy the network with the need to secure the network."

However, Mr Ingram said NBN Co should lead debate about the security of the high-speed network, even though it was providing the basic bitstream pipeline and internet service providers were providing customer access and network services.

"All parties involved in this need to be the ones fixing it," he said. "NBN Co needs to be leading the security debate."

NBN Co defended the security measures it had put in place to protect the new fibre network against cyber-criminals, saying tools and a dedicated security team had been installed to detect and prevent attacks.

An NBN Co spokesman said: "The NBN was not hacked. It has not been compromised. It has not been affected in any way by the incident being reported. Any suggestion therefore that the NBN system was 'compromised' is entirely wrong.

"Security is built into the NBN backbone network. NBN Co does have controls to detect and prevent cyber attacks and we expect the telcos and internet service providers operating over the network to do the same."

The expectation that ISPs protect internet services against security threats will mean providers -- such as Telstra, Optus and iiNet -- will be liable for any damage to the NBN should a hacker infiltrate their systems. That liability is outlined in NBN Co's wholesale broadband agreement to be released publicly today.

Australian Privacy Foundation chairman Roger Clark said recent hacking incidents at major companies, which led to personal details of millions of people being jeopardised, showed organisations needed to take extra care.

He said one way was to make companies accountable if their systems were hacked by introducing a law enabling consumers to sue companies for failing to keep personal details safe.

Opposition communications spokesman Malcolm Turnbull said cyber security was a vital issue of national security.

A spokesman for Communications Minister Stephen Conroy said that although security of the NBN was a matter for NBN Co, there were stringent controls and safeguards to detect and prevent cyber attacks.

SOurce:- Google

Read More

Hackers post documents from Italian cybercrime unit

ROME - Hackers linked to Anonymous claim to have breached security at the government agency responsible for protecting vital computer networks in Italy.

The hackers posted a trove of apparently confidential documents online and claimed much more was to come from systems at CNAIPIC. So far less than 100 megabytes of data have been published but the hackers claim to have over eight gigabytes.

Links to the material were first posted on Twitter by @anonesc, one of many accounts that make announcements about the activities of Anonymous, a hacking collective that claims to have no formal leadership or structure.

Another Anonymous-linked account, @ AnonymousIRC, tweeted its support, saying "#AntiSec strikes at Italy government".

"Silent no more," it added. "AntiSec" is Anonymous' campaign against governments and the security industry.

The CNAIPIC files purport to contain information on an array of firms involved in critical infrastructure, including oil and nuclear firms, as well as government bodies such as the Australian Ministry of Defence.

The release follows the arrest earlier this month of 15 alleged members of Anonymous by Italian authorities, part of a global crackdown on the collective.

A public statement attributed to Anonymous at the time said those arrested were "peacefully protesting" for people's rights.

Read More

Bihar CM's fan page hacked on Facebook

Patna: A Facebook page created by fans of Bihar chief minister Nitish Kumar has been hacked by an unknown invader who posted an objectionable message on it, police said on Tuesday. Police have begun investigations after lodging a case here. The Nitish Kumar fan page has 8,145 followers.

"The cyber crime cell of police is looking into the case as this is a case of cyber crime," Inspector General Arvind Kumar Pandey said. An aide in the chief minister's office here said it was not an official page of Nitish Kumar on Facebook but was created by his fans three years ago. "This page has the biggest fan following of Nitish Kumar," the aide said.

Read More

Indore: Fake CM profile on Facebook makes fun of PM, Sonia

Indore: Social networking site Facebook emerged as nuisance for Bhopal police recently. Reason, a fake profile of Madhya Pradesh Chief Minister Shivraj Singh has been created on one of the largest social networking sites in the world.

The sham profile created fun of the Prime Minister Manmohan Singh and Congress leader Sonia Gandhi as it posted pictures that depicted the two leaders begging. Besides, it also had the pictures of Tricolour pasted between the flag of Pakistan.

In what is understood to be the first incident of cyber crime, a mischief maker- who is said to be a class XII student has created fake account in the name of Shivraj Singh. After the matter came into light, the CM had sent a written complaint to the DGP.

In the fake profile, the accused had mentioned CM’s qualification as a higher secondary passout. The birth date of the Chief Minister was also wrong on the profile which has more than 2,500 people, including top political leader, bureaucrats associated with it.

According to the police, the profile was created in January this year from a cyber café in Malharganj of the district. However, the matter could only be known on July 04.

Since creating a fake profile in itself is a cyber crime, Bhopal Police was investigating into the matter to nab the culprits.

The police initially got the sham account closed. Thereafter, it contacted the Hyderbad-based Facebook office where the company refused to provide the information of the account creator on the condition of maintaining privacy.

Through Interpol, the Bhopal police then sought help from the Singapore-based Head Office of Facebook, which informed that the fake account was created from a cyber cafre of Malharganj.

Following the information, the Bhopal Police CSP Ghanshyam Malviya raided the cyber café on Saturday night and arrested two people.

During the interrogation, the accused student said that he downloaded the images of Sonia Gandhi and Manmohan Singh from the net, edited them and posted them on Facebook. The police is also questioning if he had created other fake accounts in the name of high-profile people.

Meanwhile, surprised by the incident, other harried political leaders are checking about their fake profile on the social networking site.

Facebook, which allows one to post messages, pictures, videos and almost anything on the page created by an individual, doesn't have a technology that can authenticate real accounts of celebrities.

Read More

Kenya warned to secure money transfers

NAIROBI, Kenya, US is warning Kenya to enhance its security mechanisms particularly in the mobile phone money transfer technologies to outsmart cyber crime wizards.

International security experts from the US, including the department of Homeland Security have warned that unless Kenya puts in place proper security measures, it will soon become a target of cyber criminals now targeting mobile phone technologies like money transfers.

Christopher Painter who formerly worked as a senior advisor to the US President on cyber security acknowledged Kenya’s spearheading position in mobile money transfer systems, which is envied by countries abroad.

“We cannot afford to ignore that fact; Kenya is leading in the mobile phone money transfer technology. And the advice we are giving is for Kenya to enhance security in that sector because it is a soft target for cyber criminals,” said Mr Painter who spent two years developing President Barack Obama’s Cyberspace Policy Review.

“Criminals are no longer targeting computer users, they are looking at ways of tapping opportunities available in smart phone users and they are going for money. This mobile phone money transfer system is one of them and it needs proper security,” Mr Painter told reporters at a scheduled briefing at the start of the East African Workshop on Cyberspace Security taking place in Nairobi.

He said apart from offering advice to Kenya on how to tighten security measures for mobile phone users, experts from the US are in Kenya to learn more about the innovation of using mobile phones to carry out transactions in their countries.

“The technology is sophisticated and having started here [in Kenya], we are eager to learn about it,” he added.

He said there was need for security to be enhanced so as “to be ahead of computer hackers who may invent ways of withdrawing people’s money from mobile phones.”

Mr Painter is credited with leading the most high profile and significant cyber crime prosecutions in Los Angeles, including the prosecution of notorious computer hacker Kevin Mitnick.

Mobile phone operator Safaricom was the first to introduce M-PESA, which has increasingly become popular in enabling users to send and receive money using their mobile phones.

Other operators such as Airtel, Orange and yu have also introduced similar services under the brand names Airtel Money, Orange Money and yuCash respectively.

“This is an exciting technological innovation which must be protected,” Mr Painter who has previously served as Deputy Assistant Director of the Federal Bureau of Investigations (FBI)’s Cyber Division warned.

Other cyber crime international experts attending the workshop include Marie-Flore Kouame and Thomas Dukes—both of the Computer Crime and Intellectual Property Section [CCIPS], Patrick Traynor who is an Assistant Professor in the College of Computing at Georgia Tech, Robin Taylor a Resident Legal Advisor for the US Department of Justice in the Office of Overseas Prosecutorial Development among other top experts.

Information Minister Samuel Phogisio said Kenya will work closely with the US to improve its technologies so as to ensure Kenyans continue to enjoy services offered by local mobile phone companies in various transactions.

“We are sharing with US because we are faced with a lot similar security challenges. We will definitely come up with ways of solving these problems with the help of the US,” the Minister said.

The Permanent Secretary at the Ministry Bitange Ndemo said the government was looking at ways of building a strong capacity for the police to enable them utilize opportunities available in the ICT sector in managing cyber crime in the country.

“Once we do this, Kenya will be far much ahead in terms of managing cyber crime which is posing serious security threats to Kenyans, particularly those transacting through smart phones,” he added.

“It is a very broad aspect but we are working on it. We have had various attacks in the past, there was the attack on the police and one on the treasury,” he said.

This will also help address challenges posed by terrorist groups and those targeting internet communications.

Read More

Hackers hit Italian cyber-police

Hackers have started to release gigabytes of secret documents stolen from an Italian cyber crime unit.

The 8GB of files has allegedly been taken from the network of the Italian CNAIPIC which oversees the country's critical IT infrastructure.

In a message announcing the release, the Anonymous hacker group said it received the files from a "source".

The attack on CNAIPIC is thought to be in retaliation for arrests of Italian members of Anonymous.

Links to the first few confidential files purportedly stolen from CNAIPIC were placed on the Pastebin website. Anonymous claims the files were taken from the evidence servers of CNAIPIC (National Computer Crime Centre for Critical Infrastructure Protection).

The documents include information about government offices such as Australia's Ministry of Defence and the US Department of Agriculture as well as data about private firms Gazprom, Exxon Mobil and many others.

Preview images also shared by Anonymous reveal the management structure of CNAIPIC, pictures of staff and a long list of all the documents that have been taken.

CNAIPIC has yet to respond to requests for comment.

Officers from Italy's cybercrime division carried out a series of raids on homes of suspected Anonymous members in early July. Three people were arrested as a result.

Read More

Hackers Warn National Level Cyber Security Threats Against Italy

A group of hacker-activists waving a series of cyber attacks lately has surfaced to warn Italy that it would release secret information allegedly stolen from the country’s cyber crime unit, which could spell a compromise on its national IT infrastructure.

Anonymous and Lulzsec hackers struck Italian cyber crime unit Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche (CNAIPIC), according to a Tweet posted by Anyonymous IRC.

“If it’s true that security at CNAIPIC has been breached by hackers, that would be a genuine concern as the group works with intelligence agencies around the world,” Sophos technology consultant Graham Cluley said.

The link in the Tweet pointed to the previews of what the hacker group claimed to be 8GB of files, which have already been published in filesharing Web site Pastebin after it was leaked by a “source”.

“#AntiSec strikes at Italy Government. Silent no more,” said the Tweet.

“This is a pre-release of a series we are going to make to reveal the biggest in history of European LE cyber operation evidence exploitation and abuse. Thing’s gonna get published and twittered all over anonymous and lulzsec community,” Anonymous said.

“This corrupted organisation gathered all the evidence from the seized property of suspected computer professional entertainers and utilised it over many years to conduct illegal operations with foreign intelligence agencies and oligarchy to facilitate their lust for power and money, they never used obtained evidence to really support ongoing investigations,” added the hacker group.

The stolen documents could include information from the Egyptian Ministry of Transport and Communication, Australian Ministry of Defence, US Departments of Agriculture and Justice, and the Nepalese Ministry of Foreign Affairs, on top of the data obtained from private firms including Gazprom and Exxon Mobil as well as foreign governments, Anonymous claimed.

In addition, the attack allegedly compromised the confidential information of public- and private-sector organizations from the US, Egypt, Russia, Ukraine, Nepal, Belorussia, Vietnam, Cyprus, Gibraltar and the Cayman Islands.

The cyber attack was the latest in a series of “AntiSec movements” against organizations that Anonymous considers to be corrupt.

“So, why is Anonymous apparently targeting the Italian cyber crime authorities?” Cluley said.

“Well, earlier this month, Italian police searched dozens of houses and charged suspects, in an investigation into the Italian branch of Anonymous – which is suspected of hitting government, business and media websites with denial-of-service attacks.

“Inevitably there will be speculation that this is a counter-attack against the Italian authorities following the arrests.”

Earlier this month, Anonymous defaced Turkish government Web sites to protest the internet filtering regulations to be introduced next month.

More recently, the group claimed to have broken into the NATO servers as part of its AntiSec campaign. AnonymousIRC posted links that pointed to two documents.

The first, dated 2007 and marked “Nato Restricted”, was a purported working paper on communication systems at the Joint Communications Control Centre for ISAF forces in Afganistan, which included a detailed procurement estimates and technical information.

The second, dated 2008 with similar marks, contained proposals for outsourcing communications systems for Nato forces in Kosovo, while a third document dated 2002 laid down security ground rules for Nato.

Read More

Don't bank on your phone to evade virus

Security experts warn the malware Zeus is making its way in handphones in a mobile version dubbed Zitmo

LONDON - No one knows who lies behind Zeus, the notorious malware. Security experts believe he or she is Russian, but no one is completely sure. But what they all agree is that Zeus is the most pernicious "trojan horse" - a destructive program disguised as an application - on the internet. During the last four years it has infected millions of PCs, taking control of the computer and stealing personal banking details.

Zeus may be one of the most difficult types of malware to detect - but the great fear among cybercrime experts is no longer your home computer. A new strain of Zeus, dubbed "Zitmo" (it stands for "Zeus in the mobile") has begun to exploit a huge hole in personal banking security: The smartphone.

This malicious new version of Zeus has sparked intense concern among security companies. The chief executive of Trusteer, Mr Mickey Boodaei, said in a blog: "Bad news: Fraudsters have all the tools they need to effectively turn mobile malware into the biggest customer security problem we've ever seen."

But it's not just Zeus that smartphone customers should be worrying about, according to Mr Alex Fidgen of MWR InfoSecurity, one of the biggest cybercrime-busting outfits in Britain. It legally hacks into computers to test and improve security. More recently it has turned its attention to smartphones and found that it can crack open every new handset it sees.

"The mobile phone industry is not fit for purpose, especially for financial transactions," said Mr Fidgen. "The evidence is irrefutable. You cannot be assured of security with modern smartphones. As soon as the handset is compromised, then any data is up for grabs."

Mr Fidgen said the fault lies with the handset manufacturers not the network providers or banks. In the race to bring new phones and new features to the market, many have left security low on the agenda. Yet modern smartphones are in effect PCs with phones attached and, particularly when they are used in public Wi-Fi hotspots, they can become fatally compromised.

Trojans can enter a smartphone in many devious ways. All you have to do is click on a link or attachment that contains the virus, and within seconds it can secretly seize control of the phone. That link might be a tinyurl in Twitter. The attachment could be a vCard, the standard format for sending a business card to a phone.

Or you could be accessing a website in a cafe. At Wi-Fi hotspots, fraudsters create bogus gateways, known as "evil twins", to which the latest mobile phones will automatically connect. Once a connection is established, all the information passing through the gateway can be read directly or decrypted, allowing fraudsters to harvest user names, passwords and messages.

Until now, these attacks have been rare. But experts say that's just because smartphones are still taking off. "We're walking into a minefield," said Mr Fidgen, who has been warning about the risks of mobile banking for several months, "but nobody's bloody listening".

In a demonstration by MWR InfoSecurity, security consultant Mr David Chismon showed how easy it is to hack into smartphones. He clicked on an innocent-looking attachment sent in a text message, which contained a trojan, and within seconds installed itself on the phone as a bugging device. Even when we switched the phone off, in reality it was still on, and every 30 seconds it sent a recording of the user's conversations to the hacker's computer. It also began keystroke-logging and form-grabbing, to identify banking passwords.

We asked the banks for their views, but they told us that, as long as users take sensible precautions, customers should not be put at risk. A bank said: "We're committed to making our customers' mobile banking experience as safe as possible. We use the latest online security technology to protect our customers' personal information and privacy, and we guarantee to refund any money lost in the unlikely event of the customer experiencing fraud using mobile banking."

Zeus is such a worry because it's not one criminal gang but cells of them operating across the globe. At its heart is a Russian developer who produces the source code and then licenses the program to numerous fraudsters in the criminal underworld. This software genius regularly sends out patches and updates so that every time it is detected, Zeus bounces back again.

Don Jackson of Dell's security arm, SecureWorks, is the person who first discovered Zeus in 2007, and he has been pursuing it doggedly ever since.

"Zitmo has all the hallmarks of the original author of Zeus. This brand new version is his flagship new product which he's making available to a select few. He writes it, sells it for huge amounts of money, and even supports his 'customers' to rid it of any bugs that develop," he said.

Mr Jackson says: "We think there is an inner circle of two to 10 people, then as many as 100 working in the individual gangs. Most of the guys operate out of Russia and Eastern Europe, but they do have a large presence on the ground in the US and the United Kingdom. They can't just operate behind a keyboard.

"Sometimes they have to cash in the accounts and wire money over," he added. "We work a lot with government and law enforcement agencies. Zitmo/Zeus operators are now ranked as the number one security threat. This is a very, very capable group." THE GUARDIAN

Read More

Conference on Internet Security Held on July, 22, in Rethymnon

The Ministry of Citizen Protection, in cooperation with the Cyber Crime Unit of Greece organised a c0nference on Internet Security, on July,22 in Rethymnon. The conference was aimed at informing the citizens about the secure introduction of citizens in new technologies.

The conference was held at the House of Culture and addressed both parents and children, who had the opportunity through their interactive participation, to learn about Internet security, as well as be aware of its dangers.

Issues of everyday life such as the dangers of the Internet, Facebook, MSN, Blogs, Twitter, Forums and Personal Data Protection was discussed and topics of interest that concern all citizens were analyzed by experts and specialised psychologists.

Police Director and Head of Cyber Crime Unit, Emmanuel Sfakianakis was present at the conference. He and his team referred mainly to the offenses committed through the Internet, to statistics that prove how much and in what way Greeks use the Internet, as well as to the cases the Cyber Crime Unit usually deals with, by illustrating specific examples and facts.

Read More