Wednesday, August 31, 2011

Nokia apologises for 'significantly large' security breach

          Developer forum brought down by hackers who exploited bulletin board software. Finnish phonemaker Nokia has shut down an online forum for developers after hackers brought it down over the weekend. The company has suspended its developer forums and replaced them with a company statement warning developers that the "significantly large" hack attack could have compromised personal details of the registered developers, including dates of birth and email addresses.

          The company also said that it has initiated a probe into the attack. In a message, the Nokia Developer website team said: "You may have seen reports or received an email from us regarding a recent security breach on this developer.nokia.com/community discussion forum." The company said that hackers exploited a vulnerability in the bulletin board software.

          "During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack. Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger," said the company.

          Nokia has apologised to users and added that sensitive details such as credit card details and passwords are safe. It said, "The database table records include members' email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo. However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members' accounts is at risk. Other Nokia accounts are not affected."

          "We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email. Nokia apologizes for this incident.

          "Though the initial vulnerability was addressed immediately, we have now taken the developer community website offline as a precautionary measure, while we conduct further investigations and security assessments. We hope to get the site back online as soon as possible and will post developments here in the meantime," said Nokia. So far no hacker group has claimed responsibility for the attack.

WikiLeaks crashes temporarily after cyberattack: report

          Whistleblower had published over 125,000 secret US State Department documents in the past week. A spate of cyberattacks reportedly crashed the whistleblower website WikiLeaks on Tuesday. An Associated Press report said that the cyberattack took place after the "accelerated publication" of tens of thousands of sensitive US State Department cables.

          The report said that WikiLeaks had published over 125,000 secret documents in the past week, which was far more than it had earlier published. The rate and method of the new leaks raise new concerns about the confidentiality of secret documents for the US. State Department spokeswoman Victoria Nuland told reporters, "The United States strongly condemns any illegal disclosure of classified information."

          "In addition to damaging our diplomatic efforts, it puts individuals' security at risk, threatens our national security and undermines our effort to work with countries to solve shared problems. We remain concerned about these illegal disclosures and about concerns and risks to individuals.

          "We continue to carefully monitor what becomes public and to take steps to mitigate the damage to national security and to assist those who may be harmed by these illegal disclosures to the extent that we can," she said.

          According to the report, WikiLeaks responded saying, "Dear governments, if you don't want your filth exposed, then stop acting like pigs. Simple." According to AP, WikiLeaks tweeted about the cyberattack on Twitter late Tuesday: "WikiLeaks.org is presently under attack." The website also directed visitors to a mirror site, cablegatesearch.net. Though the WikiLeaks website was up and running on Wednesday, a message on the website reads: "WikiLeaks is currently under heavy attack."

          Last week, online hacktivist group Anonymous had said that Distributed Denial of Service (DDoS) attacks on WikiLeaks are futile, and will receive a fitting reply. The hacker group -- infamous for their attacks against Visa, Mastercard, Sony and The Sun -- shot into the limelight late last year after it brought down the services of Visa and Mastercard against the decision to block payment access to whistleblower and WikiLeaks founder Julian Assange. The group claimed on a blog that "governments" were not doing anything over those attacks, even after Assange requested a probe into the cyberattacks.

          "Wikileaks is under constant Denial of Service attacks, and Julian Assange has requested an investigation into the matter, but yet nothing has legally been done. We are in contact with Wikileaks, as we are both under the same botnet denial of service attacks," Anonymous had said. "Since the governments who imprison people for conducting such actions upon corporate servers will not do anything, Anonymous will now once again step up and defend the weak from the oppressive."

          The group added, "Whether it is a government institution, or individuals -- you shall receive our justice. These attacks accomplish nothing but stirring up a hornets' nest, and if that was the goal -- your mission has been accomplished."

Monday, August 29, 2011

Hackers used 'Job offer' email to breach RSA's security: F-Secure

          'Very sophisticated attack', as RSA had called the March hack attack, turned out to be a targeted email to EMC employees, says computer security firm. Hackers working for a "nation state" used a targeted 'job offer' email to EMC employees to breach the security of RSA to steal military secrets from US arms supplier Lockheed-Martin, according to F-Secure.

          F-Secure said on its website, "As far as we know, a nation-state wanted to break in to Lockheed-Martin and Northrop-Grumman to steal military secrets. They couldn't do it, since these companies were using RSA SecurID tokens for network authentication. So, the hackers broke into RSA with a targeted email attack."

          In an open letter to its customers, RSA wrote, "On March 17, 2011, RSA publicly disclosed that it had detected a very sophisticated cyber attack on its systems, and that certain information related to the RSA SecurID product had been extracted."

          "We immediately published best practices and our prioritised remediation steps, and proactively reached out to thousands of customers to help them implement those steps. We remain convinced that customers who implement these steps can be confident in their continued security, and customers in all industries have given us positive feedback on our remediation steps."

          RSA also wrote on its blog that the attack was launched with a targeted email to EMC employees, and that the email contained an attachment called '2011 Recruitment plan.xls'. RSA said, "Certain characteristics of the attack on RSA indicated that the perpetrator's most likely motive was to obtain an element of security information that could be used to target defence secrets and related [information]."

          Now, F-Secure claims that Timo Hirvonen, a security analyst working in its labs, has unravelled the modus operandi of the hackers after finding the original malware which attacked RSA. The company said that the experts already knew about the email in April, but could not make headway without the original file, which was lost among the millions of files held by the security firm.

          The company said, "Problem was, we didn't have the file. It seemed like nobody did, and the antivirus researcher mailing lists were buzzing with discussion about where to find the file. Nobody had it, and eventually the discussion quieted down."

          F-Secure continued, "Every few weeks since April, Timo would go back to our collections of tens of millions of malware samples and try to mine it to find this one file - with no luck. Until this week." The company said that Timo analysed samples for Flash objects and found that the actual malware was not an Excel file but an Outlook message file (MSG). "The message file turned out to be the original email that was sent to RSA on 3rd of March, complete with the attachment 2011 Recruitment plan.xls," said F-Secure.

          The company added that an EMC employee had probably uploaded the email and attachment to the VirusTotal online scanning service on 19 March, and that it was shared with relevant parties in the anti-malware and security industry. F-Secure said that the "email was disguised to look like it had come from recruiting website Beyond.com. It had the subject '2011 Recruitment plan' and one line of content: 'I forward this file to you for review. Please open and view it'. The message was sent to one EMC employee and cc'd to three others."

          Opening the mail infected the workstation, and the attackers gained full remote access to the workstation and network drives. They used this exploit to get the critical SecurID data they were looking for, said F-Secure.

          The company also said that the attack was not as advanced as RSA has claimed it to be.

          F-Secure said, "The email wasn't advanced. The backdoor they dropped wasn't advanced. The exploit was advanced. The ultimate target of the attacker was advanced. If somebody hacks a security vendor just to gain access to their customers' systems, we'd say the attack is advanced, even if some of the interim steps weren't very complicated."

Friday, August 26, 2011

Staff Pay leaked after RBS email security policy breach

          The pay rates of around 3,000 contract staff of RBS were leaked after an email was accidentally sent to employees of RBS. Some of the employees are paid £2,000 a day, according to a report by SearchSecurity.

          According to the report, a staff member of employment agency Hays sent the email containing day rates paid to contractors to 800 RBS employees.

          Hays has a contract with RBS to supply temporary staff. RBS has said that no customer details had been breached. It has not commented on the agreement with Hays following the incident. The bank said: "We are extremely disappointed that confidential personnel data has been shared by one of our suppliers. This is unacceptable and we are taking action to address this issue. No customer information has been compromised."

          Hays has apologised for the error. "The data included the roles and the pay rates of certain contractors, but did not include any bank account details or national insurance numbers," a company statement said. "Hays recognises that the correct treatment of data is of the utmost importance and has apologised to RBS for this error. We are taking the unauthorised release of this data extremely seriously and are working with RBS to recover the data from recipients where possible."

10-year-old ARMY-labelled hacking software revealed by China's state broadcaster!!

          Six-second clip could be proof that China has been involved in cyber warfare for over 10 years.

          US security analysts have said that a video allegedly showing army-labelled software designed to attack websites in the US was screened on China's state broadcaster CCTV. CCTV, which has shown misleading and bogus footage in the past, has not commented on the matter so far.

          The US security experts say that if the six-second clip is genuine, it could be proof that China has been involved in cyber warfare for over 10 years, according to The Guardian. According to the report, CCTV showed the clip as part of a cybersecurity documentary screened on its military channel last month. However, the broadcaster quickly removed it from its website after US security analysts wrote about it.

          The Guardian quoted: "It appeared to show dated computer screenshots of a Chinese military institute conducting a rudimentary type of cyber-attack against a United States-based dissident entity.

          "However modest, ambiguous - and, from China's perspective, defensive - this is possibly the first direct piece of visual evidence from an official Chinese government source to undermine Beijing's official claims never to engage in overseas hacking of any kind for government purposes."

          China insists that the country is itself a victim of hack attacks.

          Recently, China said that 500,000 cyberattacks targeted it last year, with nearly 25% of Trojans traced to US and India. Earlier this month, the country slammed a report by computer security company McAfee, suggesting that China was behind massive cyber espionage. McAfee had claimed to have uncovered a major cyber snoop on the networks of governments, organisations and businesses. The company did not name China and had said that a "state actor" was behind the attacks.

          Reacting to the report, the Chinese government's mouthpiece the People's Daily slammed such speculations, saying, "Linking China to Internet hacking attacks is irresponsible." "The McAfee report claims that a 'state actor' engaged in hacking for a large-scale Internet espionage operation, but its analysis clearly does not stand up to scrutiny." "In fact, as hacking attacks against internationally renowned companies or international organisations have increased this year, some Western media have repeatedly described China as 'the black hand behind the scenes'."

DDoS attacks on WikiLeaks, chat servers will receive 'justice', threatens Anonymous

          Hacker group vows to find those responsible for the attacks on WikiLeaks, and their own Internet Relay Chat servers. Online hacktivist group Anonymous has said that Distributed Denial of Service (DDoS) attacks on the group's Internet Relay Chat servers and on whistleblower site WikiLeaks are futile, and will receive a fitting reply.

          The hacker group announced on a blog that WikiLeaks is under constant DDoS attacks. Anonymous wrote: "The denial of service attacks on our internet relay chat servers serve no purpose, and will not delay our revolution. Legions of Anons have morphed into other methods of communications."

          The hacker group -- infamous for their attacks against Visa, Mastercard, Sony and The Sun -- shot into the limelight late last year after it brought down the services of Visa and Mastercard against the decision to block payment access to whistleblower and WikiLeaks founder Julian Assange.

          The group has now claimed that 'governments' were not doing anything over those attacks, even after WikiLeaks founder Julian Assange requested a probe into the matter. Anonymous also added that coordination with WikiLeaks has revealed that the same kind of DDoS is also being used to disable the group's chat servers.

          "Wikileaks is under constant Denial of Service attacks, and Julian Assange has requested an investigation into the matter, but yet nothing has legally been done. We are in contact with Wikileaks, as we are both under the same botnet denial of service attacks," said Anonymous. "Since the governments who imprison people for conducting such actions upon corporate servers will not do anything, Anonymous will now once again step up and defend the weak from the oppressive."

          The group has vowed to find those responsible for the attacks on Wikileaks, and their own Internet Relay Chat servers. The group said, "Whether it is a government institution, or individuals -- you shall receive our justice. These attacks accomplish nothing but stirring up a hornets' nest, and if that was the goal -- your mission has been accomplished."

          On Wednesday, the group had announced on Pastebin that it would commence a march from Hyde Park to Parliament Square for an "occupation" against the UK coalition's response to the financial meltdown.