HELSINKI: Nokia Corp says hackers have breached the security on its developer community discussion site and accessed forum members' email addresses.
Nokia says the hacked database also included a few members' birth dates, home page URLs and usernames for Skype or Yahoo but no sensitive information such as passwords or credit card details.
The Finnish cellphone maker said Monday it had taken the community website offline as a precaution as it continues further investigations and security assessments.
Nokia's report comes amid a surge in high-profile cyber attack cases in recent months, including Citigroup, Sony Corp., and Lockheed Martin, as well as organizations such as the United Nations and the International Olympic Committee.
Now, hire hackers for $10 an hour: Report
Getting a hit man is expensive and dangerous, but if you just want to launch an attack on a website, it's cheap, around 10 dollars per hour.
LONDON: Getting a hit man is expensive and dangerous, but if you just want to launch an attack on a website, it's cheap, around 10 dollars per hour.
Krebs on Security reports that for a few hundred dollars you can go to an underground forum and hire someone (evidently Russian and Chinese) to mount a distributed denial of service (DDoS) attack on a site.
DDoS attacks usually rely on botnets, or networks of computers that run malicious software that fire off requests to a website.
The owners of those computers are almost never aware that they are part of an attack, Discovery News reports.
When enough page requests are sent, the receiving site's server gets overwhelmed and crashes, shutting the site down at least temporarily. Larger, more-trafficked sites will have better defenses, but a larger network of computers can take those down too.
Evidently, one can hire a hacker to mount a DDoS for about five to ten dollars per hour. Prices vary, but for about 1,200 dollars one can hire a DDoS attacker for a month.
A number of underground forums even sell botnet software for do-it-yourselfers. The authors of the software (known as Darkness) claim that with 20,000 bots in the network it can take down just about any site. Like many good software packages there's even a version available for free.
Hackers' playbook: common tactics
Once relegated to the shadows of the digital underground, hacking has gone mainstream. Hacking has become so prevalent that it has even been allegedly used by major news organizations in the United Kingdom for news gathering.
Although the major players are becoming more familiar, to many, their methods are as opaque as they've always been. In this slideshow, explore some of the techniques used by hackers to exploit and overcome cybersecurity vulnerabilities.
- Eavesdropping and Other Passive Attacks
- Denial of Service
- Keylogging
Anonymous: We're Gonna 'Kill Facebook' on Nov. 5
Attack is in the name of privacy, says warning
Anonymous says it is planning to destroy Facebook, “the medium of communication you all so dearly adore." The hacktivist group has posted a warning on YouTube announcing its plan to "kill" the site on Nov. 5, Business Insider reports. (The video is in the gallery.) The reason? “Your own privacy,” it says. “Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world."“Everything you do on Facebook stays on Facebook regardless of your 'privacy' settings, and deleting your account is impossible," the message continues. “One day you will look back on this and realize what we have done here is right." Some members of the loosely affiliated group are publicly distancing themselves from the campaign, notes CNN. Still, Facebook vs. Anonymous: It could be the “Internet showdown of the year,” observes the Village Voice, which also has a transcript of the video. ZDNet has more context, factoring in the advent of Google+.
Massive Cyber-Spying Campaign Uncovered.. China 'The Most Likely' Origin
Report identifies widespread cyber-spying
Among the targets were the Hong Kong and New York offices of the Associated Press, where unsuspecting reporters working on China issues clicked on infected links in e-mail, the experts said.
McAfee said hundreds of other servers have been used by the same adversary, which the company did not identify.
But James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said “the most likely candidate is China.” The target list’s emphasis on Taiwan and on Olympic organizations in the run-up to the Beijing Games in 2008 “points to China” as the perpetrator, he said. “This isn’t the first we’ve seen. This has been going on from China since at least 1998.”
Another computer expert with knowledge of the study, who spoke on the condition of anonymity out of reluctance to blame China publicly, said the intrusions appear to have originated in China.
The intruders were after data on sensitive U.S. military systems, as well as material from satellite communications, electronics, natural gas companies and even bid data from a Florida real estate company, McAfee said. Forty-nine of the 72 compromised organizations were in the United States.
“We’re facing a massive transfer of wealth in the form of intellectual property that is unprecedented in history,” said Dmitri Alperovitch, McAfee’s vice president of threat research. He would not name the private entities targeted, but said McAfee helped half a dozen of them investigate intrusions.
Some of the intrusions — such as one into the World Anti-Doping Agency in Montreal — are continuing, he said. Spokesmen for that organization and for the International Olympic Committee said they were not aware of the intrusions. A U.N. spokesman said technicians analyzing the logs have not seen evidence of stolen data. The Energy Department had no comment.
According to the report, which does not identify the AP by name, the organization’s New York office was targeted in August 2009 in an intrusion that lasted, on and off, for eight months. Its Hong Kong bureau was penetrated at the same time, in an intrusion that continued for 21 months.
AP spokesman Jack Stokes said the company was aware of the report. “We do not comment on network security,” he said.
The Associated Press has been targeted before. A March 2009 report by Canadian researchers about allegations of Chinese espionage against the Tibetan community found that computer systems in AP offices in Hong Kong and Britain had been compromised.
McAfee had been aware for years of a “command and control” server located in a Western country that was used to control malware deployed on target computers. But the firm just recently discovered that the hackers had made a tradecraft mistake, configuring the server to generate logs that identified every Internet protocol address the server had controlled since 2006.
Google’s disclosure early last year that hackers in China had broken into its networks and stolen valuable source code was a watershed moment: A major U.S. company volunteered that it had been hacked. Google also said that more than 20 other large companies were similarly targeted.
Scott Borg, chief economist at the U.S. Cyber Consequences Unit, a research group, has assessed the annual loss of intellectual property and investment opportunities across all industries at $6 billion to $20 billion, with a big part owing to oil industry losses. These firms spend hundreds of millions of dollars to explore oil fields before bidding on them, Borg said.
One measure of pain came recently when EMC Corp. disclosed that it had taken a $66 million charge to cover remediation costs associated with a March intrusion of its RSA division. That intrusion, which industry experts say appeared to have originated in China, resulted in the compromise of RSA’s SecurID computer tokens that companies and governments worldwide use to log on remotely to workplace systems.
As a result of the compromise, at least a dozen major financial institutions are switching to other vendors, said Gary McGraw, chief technology officer at Cigital, a security firm that works with banks. Stina Ehrensvard, chief executive of YubiKey in Palo Alto, Calif., said at least 25 firms have switched to YubiKey or are testing its token as a result of the RSA breach.
Staff researcher Julie Tate contributed to this report.
Subscribe to:
Posts (Atom)