There is a lot going on in the world of information security at the moment and this week (July 2 – July 8) we’ve seen all sorts of events, from Anonymous hacks and massive data leaks, to controversial botnets and vulnerabilities. This is why we call this week the week of diversity.
First of all, a number of interesting court actions marked this week. The U.S. Federal Court of Appeals for the First Circuit ruled in favor
of a company that lost a few hundred thousand dollars as a result of a cybercriminal operations.
Initially, a judge decided that the bank that guarded the company’s money could not be held responsible, but the appeals court determined that the financial institution’s security measures are simply not “commercially reasonable.”
Then, from the FBI we learned that a Canadian subsidiary of a US defense contractor was exporting military software
to China. Apparently, the Chines utilized it to build their first attack helicopter, the Z-10.
Victims of the Full Tilt Poker Ponzi scheme were happy to learn that the mastermind of the whole plot was arrested
by authorities as soon as he set foot on US soil. The company owes around $350 million (276 million EUR) to players worldwide.
In the meantime, Microsoft continues its battle against botnets. The Redmond company has made available the names of two individuals
suspected of being ZeuS botnets masterminds.
A curious case was seen in Japan where a 13-year-old boy was arrested
by authorities on suspicion that he was responsible for creating a virus that could shut down computers.
From China we learned of the arrest of six individuals accused
of launching distributed denial of service attacks against trading firms that refused to give in to extortion.
The “courtroom” section ends with TriCk, the leader of the TeaMp0isoN collective, who pleaded guilty
to making prank calls that targeted UK’s counter-terrorism hotline and to hacking into Tony Blair’s email account.
As far as vulnerabilities go, we’ve learned of a potentially serious security hole in Cyberoam DPI devices that could be leverage for traffic interception
. However, the company came forward to deny
the allegations, reassuring customers that no one could intercept their SSL data.
Another major security hole was identified in the systems of Dutch Internet service provider KPN. The firm was forced to shut down its ADSL login page after being warned that 120,000 of their customers still relied on the default password.
In the mobile malware section we’ve also had some curious cases this week. Security experts have stumbled upon what they believe to be the first Android spam botnet
. Soon after the discovery, two sides were formed, some security firms, backed up by Google, saying that it was not really a botnet.
Anonymous has been somewhat quiet, at least until the end of the week when we learned that some hackers had breached the servers of India’s anti-piracy outfit and altered the organization’s system responsible for sending takedown orders. As a result, the owners of torrent sites received “We are Anonymous”
messages instead of the regular emails.
Anonymous, but this time the “analyst” faction of the hacktivist community, has published a report
in which Chinese security firm Qihoo is accused of lying about its traffic.
Unknown hackers are suspected of sounding the tornado sirens
in two separate locations in Illinois, US. For some citizens it was the first time they heard the sound that warned of military attacks.
We’ve had some important data leaks as well. Hackers from TeamGhostShell continued ProjectDragonFly
and, as a result, they leaked around 200,000 account details
from various websites worldwide.
Another data leak targeted Trend Micro
and partner company Sykes. The security firm has denied the allegations, but the hacker, c0mrade
, claims that all the email databases have been obtained from their servers.
A curious malicious application has been identified by security experts on both Google Play and Apple’s Apps Store. It’s called Find and Call
and its developers swear that the fact that it steals phonebooks and sends out spam
to all the contacts is just a bug.
Finally, the Pentagon’s DARPA believes that it has come up with a great way to ensure that data leaks will not occur
anymore. Researchers developed a system based on fake secrets to unmask those responsible for spilling