Security Brief: US Government Shutdown, Adobe Hacked
The main events of the week between September 30 – October 6
Many of this week’s headlines have had some sort of connection to the US government shutdown. We’ve also had some interesting hacks, so in case you haven’t been online much, keep on reading to find out more.The US government shutdown has a major impact on numerous sectors. Most government websites have been taken down because of the lack of funds. Hackers jokingly rushed to say that, for the first time, they can’t be blamed for the sites being closed.
Defense contractors – including Lockheed Martin, UTX, and BAE Systems – have started sending thousands of people home, and cyber security experts warn that the shutdown might be leveraged by cybercriminals to gain access to critical systems.
On the other hand, scammers and cybercriminals have already started exploiting the US government shutdown. Several IT security firms have spotted spam campaigns that leverage the shutdown in an effort to trick users into downloading malware, or visiting scam sites.
The US government shutdown hasn’t prevented the Obama administration from starting the enrollment period for Obamacare. However, many of the Obamacare websites experienced service disruptions due to the large number of visitors.
While Washington has denied that the service interruptions had been caused by hackers, in the case of New York’s State of Health, every piece of evidence points to a malicious DDOS attack.
As far as hacks are concerned, the most important is the one that targeted Adobe. The attackers stole not only the details of 2.9 million users (including credit card information), but also source code for several products such as Acrobat and ColdFusion.
The Syrian Electronic Army continues to launch attacks against media organizations. Their latest target is GlobalPost, whose systems they've hacked twice in less than a week.
Bitcointalk.org was hacked and defaced. Its operators have taken the site down while they try to determine how the attackers got in. In the meantime a hacker had claimed to be selling information stolen from Bitcointalk.org databases. However, the forum’s representatives have told Softpedia that the data is fake.
The website of the Substance Abuse and Mental Health Services Administration (SAMHSA), an agency of the United States’ Department of Health and Human Services (HHS), was also hacked. The attackers turned the Native American Center for Excellence subdomain into an online store that sold Ugg, Armani and NFL merchandise.
Hackers also targeted the websites of Jordan’s Prime Ministry, Ecuador’s province of Azuay, the United Nations in Honduras, and CoCCA Registry Services.
And since we’re talking about hacks, 13 alleged Anonymous hackers were charged this past week for launching DDOS attacks against tens of websites as part of Operation Payback.
However, this hasn’t discouraged other hacktivists from preparing campaigns. Anonymous Americalatina plans on protesting against seed giant Monsanto with DDOS attacks and defacements on October 12.
Other Anons have been gathering information to prove that Apple will provide all the fingerprints collected via Touch ID to the US government.
This week, the FBI announced arresting the alleged operator of the Silk Road underground marketplace. While the criminal service has been shut down, experts warn that TOR is not the only popular darknet used by cybercriminals.
In case you’re wondering how the feds tracked down the Silk Road’s “Dread Pirate Roberts,” take a look at all the rookie mistakes he made.
Here are some other interesting stories, in case you’ve missed them:
GCHQ refuses to take part in the European Parliament’s hearing on the Belgacom hack
VIDEO: The anti-theft systems in iPhone 5s / iOS7 are not very efficient
Yahoo promises rewards of up to $15,000 (€11,000) for security researchers who report vulnerabilities
Symantec sinkholes a quarter of the ZeroAccess botnet
John McAfee wants to help users protect themselves against NSA spying
Proxy.sh admits sniffing traffic to identify a hacker