Hackers breach the security of a defense industry site, steal sensitive data
June 30, 2011
Computer hackers successfully breached the security of a defense industry website and stole sensitive subscriber information that could be used in even more attacks targeting the U.S. military and its contractors. The news is disturbing and has many government officials and military personnel concerned that such a thing could have happened in the first place.
Gannet Co., publisher of Defense News, disclosed the incident in an advisory published June 27. The information that was stolen included website subscribers' first and last names, usernames, passwords, email addresses, and in many cases, military duty status, paygrade, and branch of service.
It's the kind of data that many infiltrators of classified government systems covet, simply because it allows them to send malware-laced emails and viruses that appear to come from superiors, co-workers, or even friends.
And such spear phishing attacks have successfully harvested a variety of big fish over the past 1 1/2 year, including the International Monetary Fund, RSA Security, and the Oak Ridge National Laboratory.
Gannet Publishing didn't say how the attackers breached its website. Since the incident, it has hired an outside computer forensics company to investigate the hack and to improve security.
In other Internet security news
Over the weekend, Citigroup did admit that a server hacking attack in May stole millions of dollars from customers' credit card accounts.
Citigroup said that about $2.7 million was stolen from about 3,400 customer accounts on May 10, 2011.
The account hackers actually accessed a much larger number of accounts: 360,083 to be more precise. However, fewer than 1 percent of the hacked accounts had money removed from them, according to Citigroup.
The bank repeated what it had said weeks ago that customers won't be responsible from financial losses stemming from the attacks.
"Bank customers are never liable for any fraud on their accounts and are 100 percent protected by our security policy," Citigroup said.
Citigroup announced two weeks ago that more than 200,000 new credit cards had already been issued to its victimized customers. In some cases, account holders had already closed their account or had received a new card, so they didn't need the Citi-initiated replacement in the first place.
Citi waited until June 3, more than three weeks after its discovery of the hack, to start sending out notification letters. But the bank insisted that it acted quickly to deal with the security issues.
"From the moment we discovered the security breach, we took immediate action to rectify the situation and protect any customers potentially at risk," Citi said in a written statement earlier this month.
There has been a spate of recent, high-profile security breaches. Video game maker Electronic Arts said Friday that hackers recently breached a server linked to a message board, stealing customer information.
Then Sony was subjected to several major hacking attempts in March, April and May, affecting several of its gaming systems and potentially compromising tens of millions of credit card numbers. The security issues were heavily publicized by the media and the Internet security community.
In a separate case, hackers used SecurIDs -- the tokens used by office workers to access corporate systems -- to launch cyber attacks against Lockheed Martin. The maker of the tokens, RSA Security, a division of EMC Corp offered to replace or monitor all SecurIDs.
Bank of America employees and some clients use the tokens. The banks said they will be replaced.
In other Internet security news
Avantex Hosting reported this morning that it successfully completed the testing on the IPv6 protocol on World IPv6 day, June 8, 2011. As early as February 2009, Avantex took the lead and started implementing its networking equipment for the new protocol.
World IPv6 Day was an event sponsored and organized by the Internet Society and several large hosting companies and content providers to test public IPv6 deployment on the Internet. It started at 00:00 UTC on June 8 and ended ar 23:59 the same day.
Avantex says that the key motivation for the event was to evaluate the real world effects of the IPv6 protocol as seen by various networking equipment and according to the various tests performed. To that end, during World IPv6 Day major Internet companies and other industry players enabled IPv6 on their main websites for 24 hours.
An additional goal was to motivate organizations across the industry such as Internet service providers, hardware makers, software engineering firms, operating system vendors and web companies to prepare their services for IPv6, in assuring a successful transition from IPv4 as IP address space is rapidly running out.
In September 2010, Cisco started running IPv6 on its site. The testing primarily consisted of websites publishing AAAA records, which allow IPv6 capable hosts to connect using IPv6. Although Internet service providers have been encouraged to participate since 2010, they were not expected to deploy anything active on that day. Instead, they were expected to just increase their readiness to handle support issues.
Many web hosting companies such as Avantex and others participated in the experiment, including Google and other search engines, social networking websites, Internet backbone and content distribution networks.
Avantex Hosting Services is a dedicated Web hosting organization, offering companies, small & medium size businesses, private individuals, all levels of government and non-profit organizations, reliable and professional Web hosting services.
Utilizing one of the best carrier backbone infrastructure and BGP Network in the industry, Avantex is in a unique position to offer the most competitive pricing in the Web hosting industry, since all pricing is offered at the wholesale level.
Located in ultra-modern and fully air-conditioned data centers, Avantex owns all of its servers and buys large quantities of Internet bandwith, thereby passing along its savings to its end users. Avantex's wholesale pricing model is available to anybody that is interested in dependable and quality Web hosting services, 24 hours a day, 365 days a year.
Avantex has a large network of resellers, Web design specialists and Internet integrators, further strenghtening our goal in being a premier hosting organization. Already serving many non-profit organizations, since its foundation in 1994, Avantex has had a constant and growing need for quality and professional Web hosting services.
You can link to the Internet Security web site as much as you like.