Citigroup loses millions in latest server hacking attempt
June 27, 2011
Over the weekend, Citigroup admitted that a server hacking attack in May stole millions of dollars from customers' credit card accounts.
Citigroup said that about $2.7 million was stolen from about 3,400 customer accounts on May 10, 2011.
The hackers actually accessed a much larger number of accounts: 360,083, to be precise. However, fewer than 1 percent of the hacked accounts had money removed from them, according to Citigroup.
The bank repeated what it had said weeks ago: customers won't be responsible for financial losses stemming from the attacks.
"Bank customers are never liable for any fraud on their accounts and are 100 percent protected by our security policy," Citigroup said.
Citigroup announced two weeks ago that more than 200,000 new credit cards had already been issued to its victimized customers. In some cases, account holders had already closed their account or had received a new card, so they didn't need the Citi-initiated replacement in the first place.
Citi waited until June 3, more than three weeks after its discovery of the hack, to start sending out notification letters. But the bank insisted that it acted quickly to deal with the security issues.
"From the moment we discovered the security breach, we took immediate action to rectify the situation and protect any customers potentially at risk," Citi said in a written statement earlier this month.
There has been a spate of recent, high-profile security breaches. Video game maker Electronic Arts said Friday that hackers recently breached a server linked to a message board, stealing customer information.
Then Sony was subjected to several major hacking attempts in March, April and May, affecting several of its gaming systems and potentially compromising tens of millions of credit card numbers. The security issues were heavily publicized by the media and the Internet security community.
In a separate case, hackers used SecurIDs -- the tokens used by office workers to access corporate systems -- to launch cyber attacks against Lockheed Martin. The maker of the tokens, RSA Security, a division of EMC Corp, offered to replace or monitor all SecurIDs.
Bank of America employees and some clients use the tokens. The bank said they will be replaced.
In other Internet security news
Avantex Hosting reported this morning that it successfully completed its testing of the IPv6 protocol on World IPv6 Day, June 8, 2011. As early as February 2009, Avantex took the lead and started preparing its networking equipment for the new protocol.
World IPv6 Day was an event sponsored and organized by the Internet Society and several large hosting companies and content providers to test public IPv6 deployment on the Internet. It started at 00:00 UTC on June 8 and ended at 23:59 the same day.
Avantex says that the key motivation for the event was to evaluate the real-world effects of the IPv6 protocol, as observed on the various kinds of networking equipment involved and through the various tests performed. To that end, during World IPv6 Day major Internet companies and other industry players enabled IPv6 on their main websites for 24 hours.
An additional goal was to motivate organizations across the industry, such as Internet service providers, hardware makers, software engineering firms, operating system vendors and web companies, to prepare their services for IPv6, to assure a successful transition from IPv4 as IP address space rapidly runs out.
In September 2010, Cisco started running IPv6 on its site. The testing primarily consisted of websites publishing AAAA records, which allow IPv6 capable hosts to connect using IPv6. Although Internet service providers have been encouraged to participate since 2010, they were not expected to deploy anything active on that day. Instead, they were expected to just increase their readiness to handle support issues.
Many web hosting companies such as Avantex and others participated in the experiment, including Google and other search engines, social networking websites, Internet backbone and content distribution networks.
Avantex Hosting Services is a dedicated Web hosting organization, offering companies, small & medium size businesses, private individuals, all levels of government and non-profit organizations, reliable and professional Web hosting services.
Utilizing one of the best carrier backbone infrastructures and BGP networks in the industry, Avantex is in a unique position to offer the most competitive pricing in the Web hosting industry, since all pricing is offered at the wholesale level.
Located in ultra-modern and fully air-conditioned data centers, Avantex owns all of its servers and buys large quantities of Internet bandwidth, thereby passing along its savings to its end users. Avantex's wholesale pricing model is available to anybody that is interested in dependable and quality Web hosting services, 24 hours a day, 365 days a year.
Avantex has a large network of resellers, Web design specialists and Internet integrators, further strengthening our goal of being a premier hosting organization. Already serving many non-profit organizations since its foundation in 1994, Avantex has seen a constant and growing need for quality and professional Web hosting services.
In other Internet security news
Another SSL certificate authority has been attacked by hackers with the intent of minting counterfeit security certificates that would allow them to spoof the authenticated pages of high-profile sites. This isn't the first time something like this has happened, and it probably won't be the last either.
Israel-based StartCom, which operates StartSSL, suffered a major security attack on June 15, the company said in an obscure advisory. The certificate authority, which is trusted by the Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox browsers to vouch for the authenticity of sensitive websites, has suspended the issuance of all new digital certificates and related services until further notice.
Eddy Nigg, StartCom's CTO and COO, says that the hackers targeted many of the same websites targeted during a similar breach in March against certificate authority Comodo. The hackers in the earlier attack managed to forge certificates for seven addresses, including Google mail, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.com, and Microsoft's login.live.com.
The March breach touched off a frantic effort by the world's biggest browser makers to blacklist the counterfeit credentials before the hackers could use them to create spoof websites that contained a valid cryptographic stamp validating the sites' authenticity.
It took more than a week for the fraudulent credentials to be blocked in all browsers, and even then, many widely used email programs still weren't updated.
The hackers behind the attack on StartCom failed to obtain any certificates that would allow them to spoof websites in a similar fashion, and they were also unsuccessful in generating an intermediate certificate that would allow them to act as their own certificate authority, Nigg said in an email.
The private encryption key at the heart of the company's operations isn't stored on a computer that's attached to the Internet, so they didn't get their hands on that sensitive document, either, he said.
Last week's attack is at least the fifth time an entity that issues SSL, or secure sockets layer, certificates has been targeted. In all, four of Comodo's resellers have suffered security breaches in the past three months.
The susceptibility of certificate authorities (CAs) to hackers represents one of the many significant vulnerabilities of the SSL system, which serves as the Internet's foundation of trust. Once a CA's root certificate is included with a browser, it can be responsible for validating tens of thousands or hundreds of thousands of individual websites.
That makes it impractical to remove the root certificate even if there is good reason to be wary of it.
Nigg declined to state how many certificates StartSSL has issued during its tenure, but he did say it is among the top ten issuers. For now, it is unclear when the firm will resume services.
In other Internet security news
Google said earlier this month that thousands of personal Gmail email accounts, including those of some senior U.S. government officials, were compromised as a result of a massive phishing attack originating from China.
The accounts were hacked into using stolen passwords, likely captured by malware installed on victims' computers or obtained through victims' responses to earlier emails from malicious hackers posing as trusted sources.
That type of attack is known as phishing. Google believes the phishing attack emanated from Jinan, China. In addition to the U.S. government personnel, other targets included South Korean government officials and federal workers of several other Asian countries, Chinese political activists, military personnel and even journalists.
"The Department of Homeland Security is currently aware of Google's message to its customers," said Chris Ortman, a spokesman for the agency. "We are working with Google and our federal partners to review the matter, offer analysis of any malicious activity, and develop solutions to mitigate further risk."