Security Brief: Boston Marathon Scams, CISPA

The main events of the week between April 15 - April 21

By on April 21st, 2013 04:51 GMT

There are a lot of aspects to the Boston Marathon explosions, one of them being the scams that have started making the rounds ever since the incident. That’s why this week’s security brief will partly focus on them.

Hours after the unfortunate event, we published an advisory to warn users about the scams that might surface. We were right, shortly after the advisory, security firms already started seeing emails entitled “Boston Marathon Explosions,” which contained links to malware-serving websites.

The same cybercriminals are also sending out malicious emails related to the fertilizer plant explosion in Texas.

On Wednesday, most security firms had published advisories, each of them seeing variations of the campaigns.

New Boston Marathon-related domains and social media account were registered and fake charities started popping up. The Better Business Bureau and the FBI issued alerts to warn people about the risks.

The latest advisory, published by Trend Micro, reveals that even the exchange of fire between the bombing suspects and officers at MIT is exploited by scammers.

In other news, the controversial Cyber Intelligence Sharing and Protection Act (CISPA) has made a lot of headlines this week.

First, Rep. Mike Rogers has said those who oppose the bill are aged 14 and living in their basement. His remarks have been met with thousands of tweets made by individuals who oppose CISPA.

Later, we learned that the bill passed the US House of Representatives, again. We also learned that an amendment which would have addressed some of the privacy and civil rights concerns was voted down by Republicans.

While US President Barack Obama threatens to veto CISPA, the Internet has already announced massive protests.

Anonymous issued a statement, calling for everyone to join an Internet blackout on April 22 to protest against CISPA.

And since we’re talking about Anonymous and protests, some hacktivists published a response to the Japanese National Police Agency’s intent to block the use of Tor in the country in an effort to combat crimes that abuse the anonymity system.

Here’s a list of other noteworthy stories, just in case you’ve missed them:

Watch a video of the Evad4rs press conference from HITB.

LulzSec hacker Cody Kretsinger sentenced to 1 year in prison, 1,000 hours of community service.

Hackers Deface Google Kyrgyzstan and Google Bosnia and Herzegovina.

Italian authorities block 27 file-sharing sites. ISPs respond.

Reddit disrupted by DDOS attack.

Faulty Malwarebytes definitions update disables thousands of devices worldwide.

BlockChain.info hit by DDOS attack.

Oracle fixes 128 vulnerabilities with April 2013 CPU.

US radio website, Twitter accounts hacked by Syrian Electronic Army.

Web hosting company Linode hacked.

Comments