
Executives underestimate cybercrime danger



These are boom times for stolen data. Be it the publication of secret diplomatic cables on Wikileaks, foreign intelligence services mining data from German government computers, or the case of Sony, which had to admit that information on millions of customers had been hacked, the incidence of sensitive data being stolen from protected networks is on the rise.
German business leaders are well aware of this phenomenon, according to consulting firm Ernst & Young, which surveyed 400 executives on the topic of economic espionage and data theft. Almost all the respondents said they were convinced that the problem would become even more serious in the future, especially in countries and regions such as Asia, China, eastern Europe, Russia and the US.
However, Ernst & Young found a remarkable contradiction in its poll. While 94 percent of those leaders surveyed talked about the growing danger of cybercrime, 38 percent said they thought the threat to their own firm was rather small.



Digital denial
One-half of those polled said the danger posed to their companies was only moderate, and only one in ten admitted that their firms had been victims of corporate espionage or data theft in the past three years.
"This is far removed from reality," said Stefan Heissner, a security expert at Ernst & Young. "Our experience tells us that every company faces this risk, not just large corporations."
He added that many executives do not take the risk seriously enough.
"All information today can be accessed in some way and those who don't accept that live with a sense of false security," he said.


In-house problem
Sometimes simple online searches and the collection of data from different sources, available to anyone with an Internet connection, can lead to the assembly of amazingly complete troves of sensitive information.
Getting hold of important information doesn't always involve a talented hacker or direct access to a data-rich computer and a USB stick. Sometimes human vanity is enough, according to Heissner.
"Just think of the amounts of know-how some people reveal in speeches at conferences or trade fairs," he said. "It's sometimes really dramatic."

However, experience bears out that the most dangerous risk for companies is not hackers from another continent but disgruntled in-house workers. In two-thirds of data theft cases, companies say their own employees were the guilty parties.
In about half of those instances, monetary gain was the motive, although one-third involved taking revenge for some kind of slight, perceived or otherwise.
"A good defense against data theft is satisfied employees," said Heissner.


Antitrust issues
Computers in a company's administration department are most frequently targeted, even more often than those in research and development sections. According to Heissner, that is because a company's administration usually has to have an immense amount of information on its computer drives just to be able to market its own products.
That means data theft from these machines often becomes an antitrust issue if the material taken is related to product launches or pricing.
"Some cases where antitrust authorities suspect price collusion among companies are in fact instances of data theft by competitors," Heissner said.



Lax security
Many firms struggle to establish effective countermeasures to prevent data theft. While most companies do have a basic system of firewalls and passwords in place, big holes often remain.
Only one in five companies forbids CD burners or USB ports on its computers, which are often used by data thieves absconding with precious data. Only about 18 percent of companies prohibit employees from accessing the Internet. And just 6 percent have installed so-called intrusion detection systems, which can alert system administrators when outside parties try to breach computer security walls.
In addition, only one in ten firms is certified according to standards set out by the Federal Office of Information Security (BSI), which investigates IT security risks and develops preventive security measures.





'Data Theft' A Serious Issue! Be Watchful, Be Safe

Hidden Costs of 'Data Theft' A Serious Issue! What You Need to Know to Be Safe 

Sitting at the edge of technology, we the people of this century are blessed with equipment that makes our work easier than anyone could have imagined three hundred years ago. Along with these positives, we must keep in mind that these technologies not only extend our efforts and make life easier but also pose a high level of threat. As the main concern of VOGH is the cyber domain, here we would like to share a fact that will make you think, and may even make your cyber life and your personal life feel uncanny. Yes, I am talking about rising cyber threats: the more we surround ourselves with technology, the more we entangle our lives with dangerous threats and challenges. Nowadays cyber criminals are everywhere, and you don't even know what trap has already been set for you that can ruin your happy life. One big example is "data theft", which is becoming a boomerang for us.

In an age of fully digitized data, consumers and businesses can lose thousands of dollars in the blink of a hacker’s eye. The costs of data theft are well known to anyone who has ever found themselves victim to financial identity or medical record fraud. What few of us realize is that the procedures required to right a financial wrong are often costlier than the crimes themselves. Let's share some interesting statistics, which will surely put terror in your mind: the economy loses an average of $22,346 every time an identity is stolen. And to fully recuperate losses, repair credit and prosecute fraudsters, consumers, accountants, lawyers and IRS officials can spend up to 5,000 hours, the equivalent of two years of full-time work, on a single case. Even so, 60% of medical record fraud victims admit that they don’t monitor their medical statements for inconsistencies.

Shocking!! Why not?

For one, most consumers don’t have time every month to file through complex medical or financial statements and check for accuracy. And secondly, the image of thousands of evil savants working around the clock to hack BOA databases sure makes a consumer feel helpless. Identity theft seems random and unpreventable–a stroke of bad luck like getting struck by lightning. If we are struck, we tell ourselves, banks, credit agencies and insurance companies are legally bound to recover our funds and correct our records. 

Now let's check out a fascinating video in our Hidden Costs Series to get a deeper look at how our high-cost, high-risk data management systems really work.



Hidden Costs of Data Theft (Statistics at a Glance):-


Data theft includes financial identity theft, identity cloning, and medical identity theft. The average cost per victim was $22,346 in 2012. And the total national cost of just medical identity fraud was $41 billion in 2012. The worst part – nearly 60% of reported victims say they don’t ever check their medical records for fraud. Depending on the severity of the case, it can take over 5,000 hours (the equivalent of working a full-time job for two years) to correct the damage.
Since 1935, over 435 million social security cards have been issued. That’s over 2,175 tons of paper issued as cards, or 52,200 trees, and 5 million new cards are issued every year.
Worldwide, digital warehouses storing private information, like banking and personal history, use about 30 billion watts of electricity, which equals roughly the output of 30 nuclear power plants. Data centers in the US make up almost a third of that usage, and waste 90% of the electricity they pull off the grid.
On average, 47% of victims encounter problems qualifying for a new loan and 70% have difficulty removing the negative information from their credit reports.
Over the next five years, the IRS stands to lose as much as $21 billion in revenue due to identity theft, and worldwide, businesses lose close to $221 billion a year with the US, UK, Canada and Australia ranking the highest in reported fraudulent activity.


After reading the above story carefully, many of you will feel insecure and panicked. But I would like to inform you that the main purpose of sharing such important information is to encourage carefulness and to raise cyber awareness. Many people become victims not because of too little knowledge but because of too little information and awareness. So from now on, before connecting yourself to the digital world, make sure that the significant and emergent knowledge and information you have gathered from this article stays intact in your mind. Trust me, if you become a bit more cautious, you can easily get rid of all those cyber threats and enjoy the blessings of technology to make your life prosperous and happy.

So stay tuned with VOGH and also be canny, be attentive and be safe inside the digital world. 

We, the Team VOGH, heartily thank one of our invaluable readers and friends, Emily Stewart of Insurance Quotes, for the statistics and the awesome video. We love you Emily :)








Cybercrime can ruin entire economies



Russian anti-virus guru Eugene Kaspersky does a quick calculation in his head as he blinks at the ceiling. Satisfied, he announces: "About 200000."

That's the number of virus-infected computers in a targeted attack on SA's internet infrastructure that would shut it off from the rest of the world. No e-mail. No electronic transactions. No web searches. No e-government. No Skype, Twitter or Facebook. Nothing.

He's not being alarmist - it happened in Estonia in 2007.
And 200000 rogue computers is not a huge number. Organised syndicates or loners with modest technical know-how and resources can harness millions of virus-infected machines they effectively control to add muscle to their efforts - from stealing money and identities to managing online corporate espionage or collapsing the infrastructure and function of a country's economy and government.
Kaspersky is CEO and founder of Kaspersky Lab, one of the world's top four anti-virus software companies and Europe's biggest. Worldwide, the software anti-virus industry is worth about $7-billion a year in profit for firms in the sector. His fortune is estimated at $800-million and Forbes rates him as Russia's 125th-richest person. He was in SA to talk to business executives and security experts about the rising cybercrime threat to business, governments and organisations of all types.
"There are literally millions of computer viruses in the wild," he says. "Last year alone we collected 20 million of them. Most are variations on a theme and can be dealt with automatically in our labs. However, there are teams of experts at anti-virus organisations around the world that work against new threats round the clock. Once a virus is discovered, it can be reverse-engineered and countered with an antidote pretty quickly," says Kaspersky.
He worries about the ability of viruses, or malware (malicious software) to perform increasingly sophisticated and sinister attacks. Typically, these are denial of service (DOS) assaults using networks of computers infected by malware to bring down websites or online services by bombarding them with data. People who control these botnets can trigger a destructive payload at will.
The 2007 Estonian attack showed a botnet with enough resources could shut down banks, government departments, education networks, the media - just about any organisation with an online presence.
DOS attacks are just one aspect of the destructiveness of modern malware. Malware can also help with identity theft and data theft. The damage can be devastating.
"Estimates put the cost to business of cybercrime at anything between $100-billion to $1-trillion," he says. "One of the reasons it's so hard to put a figure on it is organisations that have been compromised are reluctant to talk about it."
Another is they don't know about it. Data theft is big business but differs from other forms of pilfering in that the original data stays where it is while a copy is spirited away, often undetected, via the ether.
"Some businesses are aware and active in countering virus attacks. Banks, for example, now build losses from cybercrime into the cost of doing business - they have a budget for it which includes defending against it and compensating for it when breaches occur. Computer viruses have permeated every part of society," he says.
In August 2008, a Spanair airliner crashed just after taking off from Madrid. It was that year's deadliest aviation accident and 154 people died.
Kaspersky says the airline found the computer system used to monitor aircraft technical problems was infected with malware that probably prevented detection of a system failure.
Last year marked the appearance of the Stuxnet virus, a virus so complicated to produce and dispatch it was probably at least partly the work of, or funded by, a nation state. Speculation is Stuxnet's purpose was to sabotage an Iranian nuclear reactor, although it can damage a variety of industrial systems.
Computer viruses have come a long way since the first, written in 1982 by US schoolboy Rich Skrenta, 15. Called Elk Cloner and written for early Apple II systems, it replicated itself on floppy disks and displayed a poem, sometimes corrupting disks it infected.
Brain was the first virus to infect IBM PCs and was released in 1986. It was written by two Pakistani brothers and distributed with their medical software to prevent piracy. It replicated itself and slowed systems.
The advent of the commercial internet in the early 1990s provided the ideal vehicle to spread viruses.
More advanced techniques used by virus writers meant they could be used to do anything from data theft and identity fraud to corporate espionage, blackmail and extortion.
Kaspersky says a Swedish bank was attacked in February and the remote access Trojan fooled operators into thinking that the screens they were monitoring had been frozen by a Windows blue screen computer error.
"The first rule when this happens is don't touch anything. They didn't. But the machine wasn't frozen, the virus had generated the blue screen and was diverting funds in the background from a perfectly functioning system that the operators thought wasn't working.
"Now malware writers are using social networks like Facebook and Twitter to spread their work." Organisations were threatened from within by disgruntled staff or criminals as shown by malware found on organisations' computers not connected to the internet.
Kaspersky says the computer virus threat is on the rise and inadequately protected businesses are vulnerable.
"Cybercrime is an industry now. Governments are finding it difficult to fight it because any laws they make regarding cybercrime are difficult if not impossible to enforce in the online world where attacks may come from networks made up of computers in different countries.
"Even on home soil, laws are difficult to keep relevant as the nature of attacks change. And in Japan, for example, there's simply no law against writing computer viruses.
"Lack of understanding the real threat of viruses is a dangerous game for businesses and organisations of all sizes to play," he says.


Greater Manchester Police Fined £150,000 By ICO For Using Unencrypted USB Sticks


To fight major security breaches, data loss, cyber theft and many other cyber challenges, governments and higher authorities are becoming as tight and strict as they can. At the edge of cyber security, not even a single mistake or act of carelessness is tolerated. Either you deliver your very best or you pay a penalty, and that is exactly what happened to Greater Manchester Police. Yesterday, the 16th of October, the UK Information Commissioner's Office (ICO) fined Greater Manchester Police £150,000 for a data breach.

In its press release the ICO said Greater Manchester Police is being fined for failing to take appropriate measures against the loss of personal data. The action was prompted by the theft of a memory stick containing sensitive personal data from an officer’s home. The device, which had no password protection, contained details of more than a thousand people with links to serious crime investigations. The ICO found that a number of officers across the force regularly used unencrypted memory sticks, which may also have been used to copy data from police computers to access away from the office. Despite a similar security breach in September 2010, the force had not put restrictions on downloading information, and staff were not sufficiently trained in data protection.
The findings prompted the Information Commissioner to use his powers under the Data Protection Act to impose a Civil Monetary Penalty of £150,000. Greater Manchester Police paid that penalty yesterday, taking advantage of a 20 per cent early payment discount (£120,000). 

David Smith, ICO Director of Data Protection, said: “This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine.
“It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action.
“This is a substantial monetary penalty, reflecting the significant failings the force demonstrated. We hope it will discourage others from making the same data protection mistakes.” 
The monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Commissioner.   







Enhanced Anti-Logger, Privacyware PC Security & Hacking Protection supported by IPv6

 


Privacyware, an innovative provider of web application firewall, pc security and security data analytics software, announced today that it has released a new version of Privatefirewall, the leading free security product for Windows PCs. The new software features full support for IPv6 and enhanced protection against critical hacking, privacy and identity theft threats.
"The frequency and magnitude of reported data theft incidents consistently reminds us of the real threat that exists as our reliance on the Internet to bank, shop, and personally or professionally interconnect continues to grow,” said Greg Salvato, chief executive officer at Privacyware. “Our new Privatefirewall release provides expanded packet inspection to support IPv6 and offers greater protection from keyboard, screen, clipboard and other logging techniques used by hackers and malware to steal private data.”
Privatefirewall employs a multi-layered security architecture that combines stateful packet inspection of inbound and outbound traffic and intelligent HIPS technologies that model and monitor system and application behavior to identify and block activity characteristic of Trojans, keyloggers, port scanning, program hijacking and zero-day threats. Privatefirewall ranks among the best performing desktop defense applications tested against the industry's most rigorous leak, general bypass, spying and termination tests.

Privatefirewall delivers four key benefits:
•Stateful inbound/outbound firewall, process monitor and behavioral monitoring technologies provide deep, proactive protection from malware and hackers for your system and personal data.

•Simple setup and operation ensures powerful out-of-box protection and peace of mind with ease.

•Elegant solution design is extremely light on system resources and won't slow down your PC.

•Unsurpassed value – Privatefirewall is available free of charge.

Key Features of this Privatefirewall Update Include:

•IPv6 packet filtering and tunneling support.

•Expanded anti-logger protection including clipboard and screenshot logging detection, driver load attempt detection and enhanced code injection monitoring.

•Improved leak, general bypass, spying and termination defense performance.

Privatefirewall provides an excellent layer of additional protection for the Windows operating system and supports 32 and 64 bit versions of Windows 7, Vista, and Server 2008/R2 as well as 32 bit versions of XP and Server 2003.

Pricing and Availability:
Privatefirewall 7 is free and available now. Visit http://www.privacyware.com to download today. Privatefirewall supports 32 and 64 bit versions of Windows 7, Vista, and Server 2008/R2 as well as 32 bit versions of XP and Server 2003. Private label and OEM licensing and integration options are also available to ISVs, ISPs and hardware and peripheral equipment vendors.

About Privacyware:
Privacyware is an innovative provider of award-winning pc security, web application firewall and security data analytics software. Privacyware products leverage conventional and neural analytics technologies to help systems administrators, IT security and compliance personnel more effectively identify, understand and prevent malicious, unauthorized and/or deviant computing system activity. Privacyware is a member of the Microsoft Partner Network with Gold Independent Software Vendor (ISV), and Silver Business Intelligence and Data Platform Competencies.
Privacyware and ThreatSentry, Privatefirewall, and Adaptive Security Analyzer are registered trademarks of PWI, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. ©2011 PWI, Inc. All rights reserved.


NASA Laptop Theft Puts Thousands of Employees & Contractors at Risk


So far NASA has been targeted several times by hackers who penetrated its digital security. But here comes a slightly different type of breach. A laptop with data on thousands of employees and contractors has been stolen from a NASA employee's car. NASA issued a serious warning and is informing its employees that a laptop computer with personnel information such as social security numbers was stolen from a locked car two weeks ago, potentially putting thousands of workers and contractors at risk. The laptop, issued to an employee at NASA headquarters in Washington, was password protected but its disk was not fully encrypted, making it relatively easy to access the information stored on the hard disk. This security breach may affect thousands of employees and contractors at NASA facilities around the United States.
NASA has contracted a specialist consulting firm to identify and contact persons affected by the data breach, saying that the process could take up to 60 days due to the large amount of data. NASA Administrator Charlie Bolden banned the removal of unencrypted laptops containing sensitive information from any NASA facility and ordered security software upgrades to be finished by December 21. NASA has now instructed its employees to use full disk encryption (FDE) to lock down hard drives on all devices that process critical data by December 21. The agency also warned employees about storing sensitive data on smart phones and mobile devices. The agency is offering employees free credit-monitoring services and other support.
The laptop theft is the latest in a string of NASA security breaches over the past few years. In March, a Kennedy Space Center worker's laptop that contained personal information on about 2,300 employees and students was stolen. A NASA inspector general report this year determined 48 NASA laptops and mobile computing devices were lost or stolen between April 2009 and April 2011, many containing sensitive data.



-Source (Reuters)






Cyber Shield deal Between India & US


India and the US today inked a pact on cybersecurity to intensify information exchange on threats to computers and networks and initiate joint work on technologies against cyber-attacks.
A joint statement on the India-US strategic dialogue has announced the cybersecurity agreement among new initiatives by the two countries. These initiatives also include a plan to develop a software platform to make available non-sensitive government data to the public and to award $3 million each year to entrepreneurial projects that commercialise technologies to improve health.
A memorandum of understanding between the Indian and the American Computer Emergency Response Teams (CERT) is expected to lead to routine exchange of information on vulnerabilities and co-operation on cybersecurity technologies, Indian CERT officials said.
“This comes at a time when cybersecurity-related incidents are increasing in number and becoming more and more sophisticated,” said Gulshan Rai, director-general of the Indian CERT, a division of the ministry of communications and information technology.
Rai said the MoU is expected to lead to greater exchange of information between Indian and US CERTs about known and emerging threats, specific vulnerabilities of computers and networks and open opportunities for joint technology development.
The CERTs track and catalogue threats, advocate protective mechanisms, and respond to attacks on computer systems in the two countries.
The latest monthly security bulletin from India’s CERT says 151 computer security-related incidents were reported during May 2011 alone, among which more than half involved “phishing” — an attack or an intrusion that involves some form of identity theft.
Last year, unidentified hackers, believed to be based in China, had penetrated computers in sensitive Indian government offices, including the National Security Council secretariat, and stolen documents on missiles, and personal and financial data of Indian officials.
India already has cybersecurity pacts, primarily for the exchange of information, with Japan and Korea and is planning to develop one with Finland.
The cybersecurity pact followed consultations led by the Indian and the US National Security Councils on prospects for bilateral co-operation on cybersecurity issues, held on Monday, a joint statement on the India-US strategic dialogue said.
The joint statement also said Nasa has “reiterated its willingness to discuss potential co-operation with the Indian Space Research Organisation on human spaceflight”.
While the Nasa offer comes on the eve of the retirement of the US Space Shuttle, space experts believe Nasa has accumulated enormous expertise on human spaceflight — for instance, in the area of onboard life support systems — that could help India in its own long-term plans to develop a space capsule large enough to carry two astronauts into a low-earth orbit for a short mission.
The open source software platform that India and the US plan to create is intended to help make available to the public all non-sensitive government information through a user-friendly website.
It is expected to be patterned on the lines of America’s own government data website www.data.gov, which began with 47 government data sets in May 2009 but has more than 392,000 data sets today.
“We have all kinds of data there — data sets on infant car seats, airline statistics, hospitals,” said Aneesh Chopra, the chief technology officer in the US, who is also assistant to US President Barack Obama.
An Indian government official said India is preparing a policy initiative to get myriad government departments into making non-sensitive data — from education to health to public infrastructure — public through a so-called National Data Sharing Access Policy (NDSAP). The official who spoke on condition of anonymity said this NDSAP is yet to be approved by the Union cabinet.
Among other initiatives, the India-US science and technology endowment board established in 2009 has decided to award $3 million annually to projects proposed by entrepreneurs for commercialisation of technologies to improve health and empower citizens.
The first call for proposals has already attracted more than 380 joint India-US proposals and the first set of awards will be announced in September this year.

                                     
-News Source (The Telegraph)


Wisconsin University Hacked (75,000 social security numbers, Student Credentials Exposed)


The University of Wisconsin’s Milwaukee campus has been subject to a malware attack, which has exposed names and social security numbers of students — past and present — and staff alike.
Malware was discovered on a database server, which contained 75,000 social security numbers, and was shut down immediately after the malware was found.
While law enforcement and school investigators have yet to find evidence that data was stolen, the university sent out a letter to those who may have been affected by the breach.
In a statement, the vice-chancellor — the university boss — believes that the motive was theft of research project data; data and research programmes the university itself excels in. Staff found back-door malware, which can scan and view documents on a server, which is used by many of the university’s departments to store crucial research.
One of the concerns is that the malware could have had access to other servers, indicating the likelihood of a wider hack.
The malware is thought to have been installed on May 25th, and local and federal law enforcement were called in to investigate. On June 30th, however, it was discovered that the database containing social security numbers was compromised, also.
University officials, via a notice on their website, warn students to monitor their financial information and credit card statements to be on the safe side.
This news comes only days after it was discovered that users’ data, including social security numbers (predictable in nature), can be taken from sites like Facebook and other public government sites.
While data in this case may not have been downloaded, only exposed to hackers by malware, it once again raises questions about the data that universities hold on their students.
It is, however, another reminder to users of Facebook and other social networking sites not to make birthday and date of birth data available on the web. Though it may be benign on its own, hacks like these, which include your full name, make you even more vulnerable to identity theft and make bank account hacks more likely.


Arabian Hackers Breached Israeli Data Center 'WebGate' & Stole Thousands of Credit Card Details



Israel has again faced a cyber-attack. This time a hacker group calling itself "Remember Emad", apparently from an Arab country or countries, claimed on Wednesday that it had breached the Israeli WebGate company's server and gleaned information stored in its Web pages. This is not the first time: a few months ago another hacker group named Group-XP, from Saudi Arabia, stole more than 400K Israeli credit cards.

The hackers wrote on the page: "WebGate is considered the 10th biggest Israeli data center. It hosts more than 6,000 Israeli domains and subdomains. Today we are going to publish the first part of its data. We have terabytes of data from WebGate, but uploading the whole chunk of data on our servers will take time, so we decided to publish them gradually."

The data published on Wednesday included an alleged list of a thousand user names, passwords and email addresses of Israel Broadcasting Authority forum members. A list of credit card numbers belonging to Israelis was also released, although some of the cards were known to have expired. The hackers also claimed to have breached the page of the Presidential Conference, sponsored by President Shimon Peres, and revealed personal details about the WebGate administrator. A statement by the Bank of Israel on Wednesday said the bank was not aware of any theft of credit card details by any hacker using a name attributed to Mughniyeh. Senior bank officials called the claimed massive thefts "nonsense."
A spokesman for Isracard said: "A file containing 1,500 data entries was published, 49 of which were identified as valid information of credit cards belonging to Isracard clients. The cards were immediately blocked and a message will be sent to the owners of the cards on Thursday." 


-Source (Israel Hayom)

ZoneAlarm Free Firewall 2012 !!

Several months after releasing its 2012 product line, Check Point has released an upgrade to its free firewall. This new version, ZoneAlarm Free Firewall 2012, comes with a few new features and some much-needed fixes.

Features of ZoneAlarm free firewall 2012:-
  • 2-Way Firewall - monitors inbound and outbound traffic and kills malicious processes.
  • Full Stealth Mode - makes you invisible to hackers
  • DefenseNet - This community powered cloud-based service eliminates overwhelming alerts and pop ups.
  • Identity Theft Protection
  • New revamped interface makes it easy to customize settings etc.

2-Way Firewall (Inbound & Outbound):-
Stops Internet attacks at the front door and even catches thieves on their way out. Our 2-way firewall proactively protects against inbound and outbound attacks while making you invisible to hackers.

DefenseNet:-
Leverages real-time threat data from the community of millions of ZoneAlarm firewall users, providing quick response to breaking threats that protect your PC from the latest attacks.

Identity Theft Protection:-
Identity theft can happen to anyone, anywhere. ZoneAlarm delivers superior PC based protection and exclusive data encryption, and also offers offline identity protection services.

Anti-phishing / Site Status Toolbar:-
Blocks spyware distribution sites and fraudulent “phishing” websites that trick you into revealing personal data.

So, if you’ve tried ZoneAlarm Free Firewall previously and been less than impressed, perhaps now might be a good time to take another look. Reports are predominantly favorable; and with a brand new interface, faster boot times, fewer popup alerts and powerful features like DefenseNet, ZoneAlarm Free Firewall 2012 certainly sounds promising.


Sony Hacked Again, 1 Million User Data Compromised


A group of hackers that recently gained notoriety for hacking PBS.org’s home page with an image of NyanCat, announced Thursday that it has stolen data from Sony. It’s yet another in a seemingly endless string of embarrassing security incidents for the company, but what’s shocking is just how exposed the data was to begin with.
In a press release posted to their Web site, LulzSec claims to have broken into SonyPictures.com and “compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.”
The theft included 75,000 “music codes” and 3.5 million “music coupons,” according to the group. LulzSec has posted segments of data they claim to have taken from Sony’s server to serve as proof of their accomplishment.
There are two astonishing twists to this story - one is that LulzSec was apparently able to access the information fairly easily, using what they describe as “a very simple SQL injection, one of the most primitive and common vulnerabilities.” Secondly, “every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
If true, it’s devastating news for Sony, which is just getting back on its feet after shutting down access to its PlayStation Network and Sony Online Entertainment servers after hackers made off with personal information on more than 100 million user accounts.
The PlayStation Network, which controls PlayStation 3 and PlayStation Portable users’ ability to connect to one another to play online games, was down for more than three weeks through the last half of April and first half of May as Sony struggled to secure the system.
And only in the past 24 hours has Sony brought back its PlayStation Store, which serves as a way for PS3 and PSP users to download games and content for their systems.
Sony hasn’t even yet initiated its “Welcome Back” package for consumers affected by the PSN blackout - a collection of about $100 worth of games and content, as well as access to the company’s premium “PlayStation Plus” service.
SonyPictures.com isn’t directly related to the PlayStation 3 or PlayStation Network - it’s Sony’s consumer-facing Internet site for information on their movies, television and home entertainment offerings on Blu-Ray Disc and other formats. But Sony’s many Web sites and servers have been on the receiving end of security probes and hack attacks for some time, exacerbated by the company’s legal proceedings against George “Geohot” Hotz, a programmer who sought to “jailbreak” or enable the PlayStation 3 console to support Linux operating system software - a feature Sony once supported itself, but later removed in a firmware update. Since the widely-publicized outage of the PlayStation Network, hackers have stepped up their attempts to break into Sony’s systems.


Indian Air Force (IAF) Issued Strict Rules & Discipline to Avoid Hacking


Last month we reported that the Indian Govt is working on a robust cyber security structure; in parallel, the Indian Govt is now emphasizing its security structure to fight cyber threats. As a result of this ongoing cyber awareness, a very strict order has been issued by the Indian Air Force to tackle and avoid cyber attacks. From now on, every officer of the Indian Air Force (IAF) will have to sign a declaration that they will not save or view any official document on personal computers. Failure to adhere to this directive will lead to a court martial and prosecution. In a recent case, operational documents were found on the personal computer of a young pilot posted at an airbase in Tamil Nadu. A court of inquiry has been initiated.
Over the years, cyberspace has emerged as a critical frontier for espionage as the use of computers and dependence on the internet has grown. Thus, document security has emerged as one of the critical areas of concern for the government. It was perhaps alluding to these increasing instances of cyberspace being used by foreign agencies to collect critical information that Prime Minister Manmohan Singh, while addressing top cops of the country at the annual security conference hosted by the Intelligence Bureau earlier this month, said, "Our country's vulnerability to cybercrime is escalating... Large-scale computer attacks on our critical infrastructure and economy can have potentially devastating results. The government is working on a robust cyber security structure."
As a general rule, computers in which sensitive information is stored or prepared are never connected to the internet. "The IAF internal communication network, for instance, is not only a stand-alone network with no connection to the net, but also has the system configured in such a way that it doesn't allow external storage devices like pen drives or CDs," a senior MoD official told the press. Nonetheless, some officers have been found "keeping copies or preparing documents using critical information in their personal computers, which have subsequently passed out by malwares in the system or hacked," the officer added.

Besides developing a robust cyber security structure, there is another reason behind this decision: a couple of months ago we saw that Chinese hackers had broken into the Indian Navy's computer system and stolen sensitive data. Later, inquiries revealed that a few naval officers had, against the rules, taken copies of the plans in pen drives from a naval computer, to study. The Chinese-made pen drives allegedly had malware which transmitted the data back to IP addresses in China once they were used on computers connected to the internet. So the Indian Govt is now very strict about data privacy and has implemented this new rule. Such bold decisions will surely make security tight and also reduce the probability of data theft & cyber espionage.


-Source (NDTV)

Sony CEO Stringer apologizes for hacked services & also promises ID theft protection


Sony has promised that its hacked services will be back up “in the coming days” and has joined with Debix for an identity theft protection program that will insure users against identity theft for up to $1 million each.
The company said Thursday that it has started internal testing on its networks, something it calls an “important step” toward restoring its affected services.
On April 26, Sony announced that a cyber attack on its system was large-scale, and had compromised millions of customers’ personal information. It cautioned that credit card information might have also been stolen. On May 2, Sony Online Entertainment, another Sony division, announced that credit card data had been stolen from its servers as part of an attack.
An apology letter from Sony CEO and president Howard Stringer was posted on the company’s blog Thursday night. The letter said that while Sony has not heard any confirmed reports of personal or credit card information being misused, it will offer a free identity protection plan to any affected user who registers for the program by June 18.
The Sony program offers identity theft protection for one year from the registration date. It includes cyber monitoring with monthly identity status reports, access to privacy and identity theft specialists and a $1 million theft insurance policy per user. Sony will e-mail users eligible for the program with more details. The program is currently only for U.S. users; Sony is working on offering similar programs worldwide.
Stringer also acknowledged customer complaints over Sony’s decisions to delay notifying customers. “I know some believe we should have notified our customers earlier than we did. It’s a fair question,” Stringer wrote, going on to say that, “...it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.”
This is the first time Stringer has issued a comment on the breach. Spokesman Patrick Seybold has been issuing most of the company’s announcements, while Sony’s popular second-in-command, Kazuo Hirai, has been the public face of Sony at press conferences.
Even as Sony moves to heal its relationship with customers, however, a report from CNET warns that the company may soon face another attack. Citing a source who’s seen chatter from a hacker internet relay chat channel, the report says that a group announced they will attack Sony again and publicize customer names, credit card numbers and addresses taken from the company’s servers.


Sony: Credit data at risk in PlayStation hacking
Network shut down; info on 77 million users said compromised


Sony Corp. said Tuesday that the credit card data of PlayStation users around the world may have been stolen in a hack that forced it to shut down its PlayStation Network for the past week, disconnecting 77 million user accounts.
Some players brushed off the breach as a common hazard of operating in a connected world, and Sony said some services would be restored in a week. But industry experts said the scale of the breach was staggering and could cost the company billions of dollars.
"Simply put, one of the worst breaches we've seen in several years," said Josh Shaul, chief technology officer for Application Security Inc., a New York-based company that is one of the country's largest database security software makers.
Sony said it has no direct evidence credit card information was taken, but said, "we cannot rule out the possibility."
It said the intrusion was "malicious" and the company had hired an outside security firm to investigate. It has taken steps to rebuild its system to provide greater protection for personal information and warned users to contact credit agencies and set up fraud alerts.
"Our teams are working around the clock on this, and services will be restored as soon as possible," it said in a blog post Tuesday.
The company shut down the network last Wednesday after it said account information, including names, birth dates, e-mail addresses and log-in information was compromised for certain players in the days prior.
Sony says people in 59 nations use the PlayStation network. Of the 77 million user accounts, about 36 million are in the U.S. and elsewhere in the Americas, 32 million in Europe and 9 million in Asia, mostly in Japan.
Purchase history and credit card billing address information may also have been stolen, but the intruder did not obtain the three-digit security code on the back of cards, Sony said. Spokesman Satoshi Fukuoka said the company has not received any reports yet of credit card fraud or abuse resulting from the breach.
Shaul said that not having direct proof of credit card information theft should not instill a sense of security, and could mean Sony just didn't know what files were touched.
"They indicated that they're worried about it, which is probably a very strong indication that everything was stolen," he said.
If the intruder successfully stole credit card data, the heist would rank among the biggest known thefts of financial data.
Recent major hacks included some 130 million card numbers stolen from payment processor Heartland Payment Systems. As many as 100 million accounts were lifted in a break-in at TJX Cos., the chain that owns discount retailers T.J. Maxx and Marshalls, and some 4.2 million card numbers were stolen from East Coast grocery chain Hannaford Bros. Those attacks allegedly involved a single person: Albert Gonzalez, a Miami hacker who was sentenced last year to 20 years in prison for the attacks.
The Ponemon Institute, a data-security research firm, estimated that the cost of a data breach involving a malicious or criminal act averaged $318 per compromised record in 2010, up 48 percent from the year earlier.
That could pin the potential cost of the PlayStation breach at more than $24 billion.
Alan Paller, director of research for the SANS Institute, a security training organization, said that even if credit numbers weren't stolen, knowing someone's name, e-mail address and which games he or she likes can lead to expertly crafted scam e-mails. Knowing billing histories can be even more harmful, since they can identify big spenders.


The U.S. Food & Drug Administration (FDA) Hack - What is Big Pharma Hiding From You?

During the summer of last year, there was a growing controversy surrounding the FDA’s request to hackers to expose holes in medical device security, such as insulin devices and other wireless and computer connected home and hospital devices. Understandably, many hackers and security experts were not particularly keen to attempt or test the security of these devices, for fear of incorrect perception, and potential outcry. In December last year, the FDA was itself the target of a hacking operation, in particular the system used by pharmaceutical companies to input data on drug tests, results, clinical trials, and so on. Whether this was an attack by cyber thieves, as the FDA claims, or hacktivists remains to be seen.

Corporate Theft or Exposing the Truth?
The FDA, of course, was quick to denounce the attack as a cyber theft. The information reported to have been accessed included medical trial data, marketing information and strategy, and information about drug manufacturing. While on the surface, we could very well accept that this could be a simple case of corporate espionage, it is worth remembering that any company that wants drug approval in the US has to go through the FDA first. Is running the risk of potentially alienating the very body that approves your products a strategy that a multi billion dollar pharmaceutical company would really undertake? While it can’t be ruled out as a possibility, unless the hackers come forward, it does seem unlikely. It’s also important to remember that there is a large amount of controversy surrounding the pharmaceutical industry all over the world, but especially in the States. Could hacktivists have been responsible for the attack? If so, what could be the causes for such an attack? As we will see, there may be more than we might initially think.

Practice and Method - How Big Pharma Operates
In the US alone, it is estimated that around 70% of the population takes prescription drugs. Given that the number of people in the US is estimated to be over 300 million, that is a staggering number. With such a large number of people taking these drugs, addiction rates are rising rapidly - so much so, that currently prescription addicts are more common than illegal drug addicts. It is a very real problem that continues to be skirted around by the US regulators and administration. In fact, whereas knowing the signs of heroin or crack cocaine addiction was an important piece of information for people who suspected they may have an addict among friends or family, the same is now true for widely available prescription drugs, and many Americans are being encouraged to learn more about the potential causes and signs of prescription drug abuse, by drug charities and non profit institutions.
At the center of this problem lies the pharmaceutical industry. Adverts for medications are common, and standard practice for getting new drugs to market includes rigging clinical trials to get the desired results in clever ways that do not outright break the law, and invasive marketing schemes aimed at family doctors and consumers, where doctors will often be offered ‘sweeteners’ such as free lunches, travel to events, or even help building their reputation as speakers at industry funded conferences. The FDA is also, despite being an independent regulatory body, often effectively ‘bought out’ by companies looking to get drugs to market fast. There is the additional problem that all drug test data is not available for public consumption, meaning academics and doctors are unable to view results of tests or trials for themselves. This has led to a number of large lawsuits in the US, and around the world, as well as in extreme cases, deaths directly related to withheld side effects of new drugs.

Coincidence or Calculated?
We might then speculate on the nature of the accessed data once again. Bearing in mind the nature of how the industry operates, and the information that was accessed, we could quite easily draw a link between the two, and surmise that the hack may well have been the work of a hacktivist movement. Of course, there is no way to prove whether this was the case or not, but given the ambitious actions of a number of groups over the last few years, it certainly can’t be ruled out.

Disclaimer:- At perfection Team VOGH felicitate Eve Halton for sharing this luminous article with our readers. Eve is a very much passionate Fleet Street, she has done her graduation in International Business and Journalism. Eve, this time also you have done an eminent job, we love you :)


China Was Responsible for RSA Hack & Military Related Intellectual Property Theft- Said NSA


The director of the National Security Agency (NSA), General Keith Alexander, confirmed that hackers from China were responsible for the serious attack on RSA, one of the leading IT security & cyber security companies. Yesterday Mr. Alexander, who is also the commander of Cyber Command, presented his testimony at a Senate hearing. He also confirmed that, besides the RSA breach, large amounts of military-related intellectual property have been stolen, and that China was again behind the theft. "I can't go into the specifics here, but we do see [thefts] from defense industrial base companies," Alexander said, declining to go into details about other attacks. "There are some very public [attacks], though. The most recent one was the RSA exploits." The NSA director believes the US Government needs more real-time capabilities to work with the private sector to stop attacks. He explained how in one attack, the attackers were attempting to get 3 GB of data from a foreign defence contractor but the Department of Defence processes for communicating with that company were predominantly manual. He did not present any evidence for the China allegations and it is yet to be seen if there is any diplomatic fallout from his disclosures.
The attack took place earlier, in March 2011, when hackers managed to gain access to the enterprise's servers and take sensitive data. The attackers managed to obtain data on SecurID, RSA's popular two factor authentication system.
Also in 2011, China was responsible for the attacks on the US Chamber of Commerce, the satellite system of the U.S., Nortel Network & so on. But a few days ago the National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network, claimed that China had fallen victim to one of the biggest cyber attacks, originating from the US, Japan & South Korea. We have to say that this statement is truly irrelevant. Cyber crime investigators have found that China was directly responsible for the hacks into Japan's biggest defense contractor Mitsubishi, the Japan Aerospace Exploration Agency (JAXA) & the Parliament of Japan. In the case of South Korea, the data of more than 13 million MapleStory players was stolen, and there too hackers from China were responsible.





CID (Criminal Investigation Department) of WB is Vulnerable & Sensitive Data Leaked By Hitcher & Mìstâ Hâxôr


The official website of CID (Criminal Investigation Department) West Bengal, Govt. of India is vulnerable. Hitcher & Mìstâ Hâxôr from Team PCF (Pakistan Cyber Force) found both SQL-i and XSS vulnerabilities on this site. They also leaked some sensitive data from this site.

One of the leaked messages:-

"...
>>>>>>>>>::::::__Message from DGP CID West Bengal Following__::::::>>>>>>>>>>>>>>>>>>>>

"Recognizing the seriousness of cyber threats, CID West Bengal has developed a Cyber Crime Unit under the Special Operation Group (SOG). For Scientific Analysis of such threats a Computer Crime Analysis Lab (CCAB) has also been set up. This Lab will have the ability to handle cases pertaining to hacking, spread of virus, pornography, manipulation of accounts, alteration of data, software piracy, creation of false websites, printing of counterfeit currency, forged visas, theft of intellectual property, email spamming, denial of access, password theft, crimes with cell phones and palmtops, cyber terrorism and the transmission of secret codes concealed in pictures...."
The fight against Cyber Crime requires the highest level of expertise. However, in addition to this there should be awareness among members of public about seriousness of Cyber Crime. It is with this objective that the CID Website has been created."

Vulnerable Website:-
http://cidwestbengal.gov.in/
