Security Brief: Telecoms Company Hacks, Sochi Olympics, Bug Bounties

The main stories of the week between February 3 and February 9, 2014

By on February 9th, 2014 02:06 GMT

This is your chance to catch up on some reading in case you haven’t been online too much over the past week.


Telecoms company hacks


First of all, a lot of telecoms companies have been (allegedly) hacked. Orange has admitted that its orange.fr portal has been hacked, and that the details of 800,000 customers might have been compromised. Fortunately, passwords and financial information have not been exposed.

Hackers from NullCrew have announced that they breached the systems of Bell Canada and Comcast. Bell Canada has admitted being hacked. Comcast, on the other hand, has refused to comment on the allegations.

In Turkey, RedHack claims to have hacked the systems of Vodafone, TurkCell, and TTNET. The hacktivists have started leaking data stolen from their servers. In the meantime, the group is preparing to protest against Turkey’s recently-introduced Internet law.

The latest telecoms company hacking story comes from India. Authorities have launched an investigation into reports that Huawei has hacked state-owned company BSNL.

Bug bounty programs

HP’s Zero Day Initiative has announced Pwn2Own 2014. The organizers of the hacking contest that will take place in March at the CanSecWest 2014 conference have prepared prizes totaling over $500,000 (€370,000).

An expert from Vulnerability Lab has identified three critical vulnerabilities in the systems of Germany’s Deutsche Telekom. The security holes – an SQL Injection, a remote command execution, and an arbitrary file upload issue – have been addressed by the company.

For his contribution, the security researcher has been rewarded with €3,000 ($4,000).

Avast has doubled its bug bounty rewards. From now on, the base payment will be $400 (€294), and the maximum reward for one single submission has been raised to $10,000 (€7,350).

GitHub has paid $4,000 (€2,935) to a security researcher who had managed to combine 5 low-impact bugs into one critical exploit. This is the largest amount of money paid so far by the company as part of its recently-launched bug bounty program.

Sochi Olympics

The Sochi Olympics might be all about sports, but in an age where everything relies on computers it’s not surprising that there are a few IT security stories related to the event. Experts have been warning Russians and Sochi visitors about the cyber threats they’re facing.

NBC has also warned people who want to attend the event, but its story has been misleading and somewhat exaggerated. An IT security expert even went as far as calling it 100% fraudulent. NBC has made a statement to respond to critics.

In the meantime, the IT security expert who assisted NBC with its experiment has published a white paper with the technical details.

Hacks

The Syrian Electronic Army has been busy this week. First, they defaced the French, British and Indian websites of PayPal, and at least one eBay domain. Later in the week, they breached the systems of MarkMonitor in an effort to hijack some high-profile domains, including Facebook, Google, Amazon and Yahoo.

Here are some other stories in case you’ve missed them:

New Council of Europe ransomware spotted by security researchers

DDOS attacks used by cyber terrorists to influence stock prices and disrupt exchange platforms

NIST still uses the SHA-1 algorithm to sign certificates, despite the fact that it had banned such practices

Alleged Silk Road operator Ross Ulbricht has been charged, but he has pleaded not guilty

British spy unit launches DDOS attacks against Anonymous’s communication channels

XBT has paid $100,000 (€73,680) for the DDOS.com domain

Cybercriminals hijack routers to lure users to bank phishing sites

The FBI is looking for someone who can provide malware, a lot of it

Tesla Motors hires security expert
