Mobile news

Tags: Featured, Hacking, Mobile Payments, Problems & Issues, Identity Theft Council

23 May 2012

Thinking of buying those shoes with your iPhone? Make sure you're protected from identity theft first.

Neal O'Farrell, the executive director of the Identity Theft Council, gave a talk called "The Hackers Are Coming -- Why the Small Business is the Big Target and What You've Got to Lose" to highlight the dangers of mobile banking for small businesses.

O'Farrell believes the dangers can jeopardize a large segment of businesses and people, explaining, "Eight out of ten mobile banking apps have security flaws, but Apple and the banks don't want you to know that. I'll wait another 20 years to stick my toe in that pond."

Even users with Macs can get their information stolen, and recovery is often problematic. Identity theft via online banking is on the rise, but police investigate less than 1 percent of the crimes.

O'Farrell advocates using a separate, cheap netbook for money transactions, so more frequently used mobile devices won't have the sensitive information on them.

Online banking is far from safe, and mobile finance systems taking stabs at winning loyal users will meet difficulty if people realize how vulnerable their security is to attempted hacks.

O'Farell's advice is at odds with the intentions of a variety of up-and-coming mobile payment systems including Isis and Google Wallet. These businesses will only succeed if consumers feel comfortable with online financial transactions, but O'Farrell points out the need for caution. Isis could have an easier time because it went to great lengths to round up an expansive coterie of security backup, but it still may not outsmart greedy hackers.

In addition to plumbing smartphones and tablets for financial information, hackers also recently targeted medical data, highlighting how identity thieves are liable to explore lots of options to gather sensitive information.

The medical records contained information the hackers could use to figure out passwords and banking information, so although it was not a direct attempt to steal money, identity theft was the end goal. This suggests hackers could also breach smartphones without banking information on them and use other sensitive data to puzzle out account information anyways.

Mobile banking is convenient and consumers have a growing number of options for transactions on the go, but every transaction brings a real identity theft risk. Even though companies are pouring money into ways to make mobile payments mainstream, the continued rise of smartphone-related identity theft may curb adopting this type of transaction unless companies can prove their mobile systems are secure.

Tags: Featured, Hacking, Health & Safety, Problems & Issues, Utah

18 May 2012

The theft of about 780,000 online medical records by unknown hackers from state computers in Utah is sounding alarm bells about the protections of sensitive data.

Last month, hackers stole the data of hundreds of thousands of Medicaid recipients and participants from Utah's Children's Health Insurance Program, including the Social Security numbers of about 280,000 of them. Child records are specifically valuable to criminals because their lack of a credit report or bank account makes it difficult to monitor them for identity theft, leaving their data open for exploitation for years before it is uncovered.

Utah's Department of Health said it was cooperating with the F.B.I. on its breach and working to notify victims, suggesting that Utah's Medicaid and Children's Health Insurance Plan recipients, as well as anyone whose health-care provider might have submitted information to the state for Medicaid coverage within the last four months, monitor their credit and bank accounts.

Utah Gov. Gary Herbert this week called the compromise a "completely unacceptable breach of trust," offered an apology and announced a "comprehensive" response to the massive data breach, including the resignation of Stephen Fletcher, director of the state's Department of Technology Services. The state also offered victims free credit monitoring.

These kinds of patient data breaches are surging, underscoring the need for greater privacy protection. According to the Ponemon Institute, data hacks in healthcare rose more than 30 percent this year, with 96 percent of healthcare organizations reporting at least one breach involving patient information over the past two years.

As part of a 2009 stimulus bill, the U.S. government pays incentives to doctors and hospitals that adopt electronic health records. As a result, more than half of office-based physicians now use digitized records and the number is steadily growing, according to the Centers for Disease Control and Prevention.

Electronic medical records are a treasure trove of personal information, as the Utah breach reflects, including names, Social Security number, birth date, insurance information and personal health details, making them a prime target for hacking and theft.

Utah officials report hackers were able to break into a Medicaid eligibility server, used to validate claims of retirees and others, in part because the security tools on the computer server were not installed properly. Also, much of the vulnerable data should have been deleted from the server once the claim was validated, but they were retained as records.

Some of the exposed data was indecipherable, or disconnected from a name, making it hard to assess the full damage. Investigators have traced the hackers' IP address to Eastern Europe, but haven't identified any suspects.

Hospitals and physicians are likely to search for better ways to bridge the gap between security practices and digitized data. More than 80 percent of physicians now use a smartphone, according to Manhattan Research, to do more patient-focused activities, such as communicating with patients via text messages, checking EKG or other test results and sending patient alerts and reminders, adding to the complexity of the protection issue.

Hospitals, consulting firms, insurers and other big organizations that handle digitized, sensitive patient information expect to increase privacy protection, providing an emerging market for enterprise-class, healthcare-specific device and records security amid growing consumer awareness.

"The people of Utah rightly believe that their government will protect them, their families and their personal data," Herbert said. "As a state government, we failed to honor that commitment. For that, as your governor and as a Utah [citizen], I am deeply sorry."

Credit monitoring and commitment to improve are two consolations for those affected by the Utah breach, but will hardly be enough as medical records zoom towards digitization and hackers hone their skills.

Tags: Featured, Hacking, Problems & Issues, Anonymous, India

17 May 2012

Anonymous hackers darkened several Indian government websites, retaliating against the country's censorship practices in its continued crusade for a free Internet.

The Supreme Court of India and All India Congress Committee websites suffered distributed denial of service attacks under "MT Operation India," leaving them inaccessible for 24 hours. Anonymous crippled the government pages to chastise Indian service providers for blocking file-sharing sites like Vimeo and The Pirate Bay.

India's ISPs acted in anticipation of a pending government proposal, which aims to create a Committee for Internet Related Policies for overseeing the subcontinent's online activities.

The committee, a 50-member UN-backed organization, would hold censorship powers over content deemed inappropriate or offensive by India's ruling party. But Anonymous, whose Pirate Party won parliamentary seats in Sweden and Germany after campaigning for Internet freedom, disagrees with this direction.

"Namaste #India, your time has come to trash the current government and install a new one. Good luck. #SaveTPB #Anonymous #Censorship," the collective tweeted.

Anonymous has a history of denouncing governments that wish to control the Internet, while India has a record of censoring websites. The two interests are now clashing for the second, but likely not the last, time.

Anonymous' first publicized tangle with India occurred in February and concerned the 1984 Bhopal gas leak, which left thousands dead and maimed. The global intelligence firm Stratfor, according to Anonymous, paid corrupt Indian officials to silence victims after the disaster.

Before turning its sights to Bhopal, Anonymous already enjoyed widespread notoriety for challenging worldwide governments on censorship issues.

The collective hit the FBI for nabbing Wikileaks suspects, struck China over its strict censorship policies, even targeting Malaysia and Spain for their attempts to police the Internet.

Anonymous also involved itself in the Arab Spring, fighting against Gaddafi in Egypt and Assad in Syria. The leaderless hackers also criticized Iran over its plans to create a government-run, internal Internet by August 2012.

Until the Stratfor hack this February, however, Anonymous largely remained silent while India sought to censor emails and social media content.

India successfully banned Nokia email servers in April 2011, citing security risks, and enlisted RIM's reluctant help in monitoring BlackBerry Messenger content last fall. The country is also suing Google and Facebook after the Internet giants' allegedly slow response to government requests for proactive censorship of "offensive" content.

But after years of ignoring India's increasingly strict Internet controls, Anonymous is beginning to take interest. The collective may be doing so in part to burnish its reputation as a crusader for freedom after a slew of bad press smeared the hackers this winter.

If India pursues its current direction about online restrictions, however, Anonymous will likely strike the subcontinent more often, denouncing Internet regulation and preserving its own reputation in the process.

Tags: Featured, Hacking, Problems & Issues, Reports, Neustar

16 May 2012

Cyber-attacks on small businesses are repelling customers and costing a fortune, leaving owners with tough choices on how to strengthen their online defenses against increasingly common security breaches.

According to a Neustar study, 70 percent of surveyed businesses experienced prolonged distributed denial of service, or DDoS, attacks that drove away countless customers and millions of dollars in potential revenue.

Over five hundred IT professionals admitted their greatest fear is the customer backlash and heavy cost of distributed denial of service attacks. DDoS attacks overload servers with requests, overwhelming websites in a heavy flow of traffic.

Retailers worried about hacking the most, as such attacks cost an average of $100,000 per hour.

"This is a significant amount of money," observed Ted Swearingen, director of the Neustar Security Operations Center. "People don't realize there are a lot of other costs associated with DDoS, such as brand damage."

Neustar's study suggests if large firms suffer monetarily from cyber-attacks, small businesses have an even harder time handling increased security breaches.

For instance, Sony stands out as a significantly damaged brand, following a string of Anonymous DDoS hacks from April until October 2011. The attacks cost millions in cleanup and forced the company to compensate disgruntled users for failing to protect their data.

The Japanese company was big enough to stay afloat following this disaster, but most small entrepreneurs would have sunk in its wake. And in this case Anonymous hackers didn't even aim to steal from Sony's financial centers, preferring instead to humiliate the electronics maker by publicizing user information.

"While Anonymous has been getting a lot of headlines, our data tells us that most of these attacks are happening for the old-school reasons of why you'd want to knock out a site: financial gain and competitive advantage," said Sweringen.

Small businesses are just as vulnerable as big corporations against financial DDoS attacks, since the payout is lower but the threat of retaliation much slimmer. And financially motivated attacks are increasingly common, as Swearingen states.

"You have a one in three chance of a DDoS attack. It is something that IT teams and companies need to prepare for," he warns.

But under five percent of participants in Neustar's study have any protection against DDoS attacks, using only firewalls and rudimentary software to discourage hackers.

Further, many businesses use generic passwords like "password1" and "1234" to shield sensitive data rather that switching to complicated, unhackable codes.

Cyber-insurance, sold by firms like Travelers Companies and Chubb, also offer a refuge to both small and large businesses seeking protection against cyber-criminals. Still, this method is only partially helpful as it may not cover certain claims like civil lawsuits.

New government regulations may also soon enable small businesses to collaborate with the National Security Administration in warding off cyber-criminals. But civil rights advocates say these bills violate the First Amendment and may eliminate more liberties than they grant.

With the number of cyber-hacks is the rise, small companies will need to set aside finances for comprehensive preparations to fortify their electronic defenses to avoid Sony's fate. However, they will also need to weigh whether the investment will be money well-spent, or if any company can really be protected against the ever-increasing -- and more aggressive -- amount of cyber-attacks.

Tags: Featured, Hacking, Anonymous, MalSec

24 April 2012

Breaking up is hard to do, but some Anonymous hackers are splintering off into their own group, vowing to hack with integrity and fight censorship.

Tags: Crime & Punishment, Hacking, FBI, California State, Matt Weaver

23 April 2012

A California student tried to win a college government election by hacking into classmates' accounts, which may lead to federal charges and increased privacy for not only colleges, but national and state elections as well.

Tags: Hacking, Problems & Issues, Anonymous, RIAA, Anontune

20 April 2012

Hacker group Anonymous is setting its sights on the music industry, promising a major shakeup in the works -- but will its efforts yield real changes?

Tags: Featured, Hacking, Problems & Issues, Anonymous

16 March 2012

Anonymous released a potentially unsafe OS, saddling the collective with trust issues as it moves to expand beyond hacking.

Anonymous OS Live, available for free on SourceForge, can supposedly check the "security of Web pages" with password cracking tools and simulated denial of service attacks.

But AnonOps, the collective's official Twitter account, warns the Linux-based OS "is fake" and "wrapped in Trojans" meant to spy on users' computers.

The OS creators deny this statement, insisting, "If any user believe that Anonymous-OS 'is wrapped in trojans' or 'backdoored OS by any Law enforcement Company or Hacker,' please don't download it! But don't mislead the world that Linux is dangerous and has trojans!"

The Anonymous OS Live was downloaded about 21,000 times in four days, with nearly 40 users recommending it while half that number saying it's bad news.

The conflict surrounding the OS suggests it is the unsanctioned work of legitimate Anons or perhaps of hackers out to hurt the collective with more bad publicity.

More bad press is the last thing Anonymous needs, since news of the dubious OS follows reports of internal betrayals and rogue hackers that continue to plague the collective.

Most notably, LulzSec leader Sabu, who had close ties to Anonymous, recently helped the FBI arrest five Anons in exchange for a reduced sentence after his capture. And the "Jester," a hacker bent on outing the hacktivists, says he may also aid the FBI by giving them top Anons' personal information.

James Jeffrey also darkened the collective's reputation as online freedom fighters when he broke into the medical records of 10,000 British women connected with the country's biggest abortion provider.

These conflicting actions are challenging Anonymous' movement to expand its influence outside of hacking operations and continue to cultivate such a negative media image of the group.

"Anonymous 9000" addressed this conundrum at the South by Southwest film festival, publicly reiterating the collective's mission to defend freedom of speech and corporate transparency. 9000's speech at the prominent festival reflects the group's increased preoccupation with influencing popular opinion, which is critical since Anons need support for ventures like protests, a social media network and new political parties.

Anonymous managed to draw crowds for last summer's street protests against San Francisco's public transportation network, as well as garnering support for the Occupy movement. The collective has also mentioned creating its own social network as well as forming a U.S. version of its European political parties.

But these goals may be threatened if the organization's internal strife and dissent confuses the average person and begins to distrust Anonymous and its buggy OS-building members. In order to stay positive in public opinion, Anonymous will likely distance itself more aggressively from those who may discredit the collective in order to further its goals.

Tags: Arts & Entertainment, Featured, Hacking, Anonymous, SXSW, We Are Legion

15 March 2012

Hackers showed up at SXSW's Film Festival to support a documentary about Anonymous, reiterating their mission following a crackdown on their collective.

Two hackers, wearing Guy Fawkes masks to protect their identities, insisted their cause is strong despite recent arrests, inside tipsters and rogue members' counterproductive activities.

Anonymous member "9000" told an SXSW panel it was initially chilling when police nabbed LulzSec leader Hector Xavier Monsegur, known as "Sabu."

But Sabu's arrest and subsequent aid in the FBI capture of five Anons only encouraged hacktivists to further campaign for free speech and transparent enterprise, according to the hacker.

"A lot of people we hadn't seen for months, or years, started showing up. An attack happened that night," he recounted. "It just angered them, not frightened them."

The collective demonstrated resilience following FBI and Interpol arrests by attacking high-profile targets like the Vatican and a neo-Nazi group.

Besides praising the hacktvists' perseverance, 9000 explained that the group's recent bad press in no way reflects most members' sentiments.

"That's the double-edged sword of Anonymous," said 9000. "Anyone can claim the name of Anonymous and do whatever they want. If anyone wants to make Anonymous look bad... it's easy to do."

9000 may have been referring to hackers like "The Jester" and James Jeffrey, both of whom have lately cast the collective in a poor light.

Jeffrey, a self-proclaimed Anon, hacked into 10,000 women's health records at Britain's biggest abortion provider.

The Jester claims to possess the personal information of multiple Anons and says he will use it to aid law enforcement in capturing the hackers.

The exploits of a few continue to dampen Anonymous' public image, but an SXSW film called "We Are Legion: The Story of the Hacktivists" may help reverse this trend and shed light on the mysterious group.

"I think Anonymous has garnered a lot of attention, some of it negative but a lot of it quite positive," ?said Gabriella Coleman, one of the film's commentators.

"The support has been wild and extensive, which we can see registered with the Guy Fawkes iconography spreading everywhere during OWS or earlier with the Paypal boycott day on Twitter," she continued.

Coleman's sentiments infuse the film, which may undo some of the damage visited on Anonymous by federal authorities and internal betrayals.

As a collective, Anonymous reflects differing viewpoints from both its destructive and creative members, as individuals continue to leave an imprint on the group. Recent incidents and even its own members suggest the collective is more complex than simply "good" or "bad," and its impact and actions will continue to reflect its varied membership and nature.

Tags: Featured, Hacking, Problems & Issues, Anonymous

13 March 2012

Anonymous hackers struck the Vatican again, wreaking havoc despite ongoing arrests, defectors and rogue members that risk impairing future operations.

Anons' latest attack on the Vatican temporarily darkened its website, during which time the group "took the liberty to implement a small incursion into [the Vatican Radio] systems."

A spokesman for the Radio acknowledged the breach but added, "Thirty percent of the information on the server was so outdated it was of no use."

Anonymous targeted the Radio since it allegedly uses transmitters that the collective believes operate "largely outside the bounds of the law."

The attack on the Holy City displays the collective's resolve to fight for transparent business practices and free speech, even as internal problems threaten to obscure its mission.

For instance, last week's operation against the Vatican, which sought to protest Catholic doctrine and child molestation, occurred one day after LulzSec member Sabu's arrest.

Hector Xavier Monsegur, known by the handle "Sabu," reportedly exposed other LulzSec members in exchange for a reduced sentence. LulzSec and Anonymous have had strong ties since joining forces last summer, implying Anons, too, may face arrest resulting from Sabu's confession.

After Sabu's betrayal, Anonymous tweeted, "Hacks will continue and so will the anger of the people. Arresting Sabu is not a win for the FBI it was a favour."

But the collective may face bigger problems now that a rogue hacker named "The Jester" says he possesses incriminating texts, emails and personal information belonging to Anonymous leaders.

The Jester has long accused Anons of stealing credit card numbers and passwords, and suggested he may hand over this information to the FBI if he hasn't already.

Meanwhile, the arrest of Anonymous member James Jeffery may hurt the collective's public image.

Jeffery landed in jail for hacking Britain's biggest abortion provider and nabbing the online records of 10,000 women. He is a "zealot with an anti-abortion campaign," according to Judge Daphne Wickham, who refused his request for bail.

Anonymous is feeling the heat thanks to Jeffery, the Jester and Sabu as well as Interpol and the FBI, which nabbed 30 hackers in sting operations so far this year.

Internal and external troubles have not yet dampened Anons' resolve, as the Vatican hack suggests, but the collective will need strong armor if it hopes to withstand future blows.