Hackers Charged with Stealing 1 Billion E-mail Addresses

The U.S. Department of Justice has unsealed indictments against three hackers for having broken into eight email service providers (ESPs), stealing 1 billion email addresses and names, and receiving $2,000,000 for the sale of products to those email addresses through a “spam” sales scheme. According to the indictments filed with the U.S. District Court for the Northern District of Georgia, Canadian David-Manuel Santos Da Silva and Viet Quoc Nguyen and Giang Hoang Vu from Vietnam used an email phishing scheme beginning in 2009 to gain…
Continue reading...

Digital Cloning: Hacking Your Fingerprints

While your biometrics may be as unique as a snowflake, they can still be digitally captured, copied and used to gain access to your “secure” computer network and data storage facilities.  Using standard photos taken during a press event in October and commercially available software, a 31-year-old member of Europe’s largest association of hackers successfully re-created a digital fingerprint of German defense minister Ursula von der Leyen.  The digital print could then be used not only to fool security software, but with the increasing sophistication…
Continue reading...

Hacker Gains Control of German Steel Mill Operations

The  German Federal Office for Information Security (BSI) has issued a report revealing that a sophisticated hacker was able to take control of a steel mill’s computerized production system, forcing an unscheduled shut-down that caused “massive damage” to the physical plant. By using targeted emails, known as “spear phishing,” employees were tricked into opening messages that extracted login names and passwords and transmitted that information to the hacker without detection. The hacker, in turn, used the data to gain limited control of the…
Continue reading...

Cybsersecurity Starts at the Top

This summer, the Federal Financial Institutions Examination Council (FFIEC), made up of the FED Board of Governors and FDIC, among others, conducted a Cybersecurity Assessment at over 500 community financial institutions to evaluate their ability to handle cyber risks.  While the data is still being analyzed in order to assist with future guidance and regulations, last month the FFIEC Cybersecurity Assessment’s “General Observations” were released. What is striking about the General Observations, which are not to be construed as guidance, is that they call out…
Continue reading...