Anonymous Hacks Department of Justice. Anonymous is taking credit for a confirmed breach of security at the U.S. Department of Justice, although the exact contents of the data bounty are not yet known. "Today we are releasing 1.7 GB of data that used to belong to the United States Bureau of Justice, until now," reads an Anonymous press release, referring to the Department of Justice. "Within the booty you may find lots of shiny things such as internal emails, and the entire database dump. " The hacktivist collective has been known to make bold claims, but a Department of Justice spokeswoman confirmed to Reuters that Anonymous members did indeed access a server that hosts the Department's statistical data, including cybersecurity records.
Anonymous released the data dump online through their usual torrent-based delivery system, but an attempted download of the data for further examination failed to complete. Images courtesy of Flickr, gaelx. Hackers Target Tech-Industry Groups Over Cybersecurity Bill. Several top tech-industry groups said on Monday they were the target of cyberattacks because of their support for controversial cybersecurity legislation. The hacker group Anonymous claimed responsibility for taking down the websites of USTelecom and Tech America, which both back the Cyber Intelligence Sharing and Protection Act of 2011. Both sites remained unreachable as of Monday afternoon.
The bill, sponsored by leaders in the House Intelligence Committee, would allow businesses and government agencies to share more information with each other to counter cyberattacks. Civil libertarians have criticized the bill for undermining privacy laws and creating a backdoor for government surveillance. The cyberattacks may portend a larger Web-based protest over cybersecurity proposals. But USTelecom President Walter McCormick said that the attacks on his organization’s website are proof of the need for the legislation.
Michael Jackson's Entire Music Catalogue Stolen in Sony Music Hack. More than 50,000 Michael Jackson music files were hacked from Sony's servers in 2011, the company recently confirmed. Jackson's back catalogue spanning his entire career, in addition to unreleased tracks, were allegedly illegally downloaded by Brits James Marks and James McCormick, the Guardian reports. The two suspects will stand trial in January 2013. After the King of Pop's June 2009 death, Sony purchased the rights to all released and unreleased Jackson recordings for $250 million, allowing the company to sell tracks, DVDs and video games, according to CNN Money. Sony had planned to release 10 albums over the next seven years.
SEE ALSO: Remembering Michael Jackson: 10 Terrific Tributes This was the second notable hack Sony experienced in the span of a year. Do you think there will be consequences of hackers getting hold of unreleased material from Jackson's "Off the Wall," "Thriller" and "Bad" studio sessions? Thumbnail courtesy of Flickr, Alan Light. NASA Was Hacked 13 Times Last Year. It seems not even the high-tech NASA is safe from digital intruders: The space agency's computer systems were breached by hackers 13 times last year, according to Congressional testimony this week. "These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives," said Paul Martin, NASA's inspector general, in his Congressional testimony released on Wednesday.
"Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million," he continued. Martin gave Congress detailed information about some of the attacks.
Images courtesy of iStockphoto, LaserLens. Anonymous Hacks Private Prison Company Website. A protester wearing an Anonymous Guy Fawkes mask takes part in a demonstration against the Anti-Counterfeiting Trade Agreement as part of an international day of action against the increasingly-contested anti-piracy accord. After high-profile takeovers of recording industry and Justice Department websites last month, hackers affiliated with the Anonymous movement had a new target Friday: the for-profit prison industry. Hackers defaced the website for the Florida-based GEO Group, the nation's second-largest operator of private prisons, calling the attack "part of our ongoing efforts to dismantle the prison industrial complex.
" The domain www.geogroup.com was replaced Friday morning with a black screen headlined by the symbol "#antisec," a term for the Anti-Security Movement, which is affiliated with the online coalition known as Anonymous. As of early Friday evening, the company had removed the messages, but the website was still down.
HuffPost's Gerry Smith contributed to this article. Hacker says porn site users compromised, claims Anonymous affiliation. LONDON (AP) – A hacker claims to have compromised the personal information of more than 350,000 users after breaking into a disused website operated by pornography provider Brazzers. Kate Miller, director of communications for site owner Manwin Holding SARL, said Saturday it was "currently investigating the issue" but that no credit card information has been leaked. Miller said it appeared that the hacker had gained access to an inactive forum to help enter other, linked websites.
She said people who were potentially affected were being notified of the security breach by the company. BLOG: Anonymous takes down CIA site, exposes Ala. personal data In an e-mail, she said that security was "a priority at all times" and that the company would do all it could to safeguard its users' information. The breach is a potential embarrassment for Luxembourg-based Manwin, which runs some of the world's best-known pornography websites. "I didn't do that for any money," he said in an e-mail. Chinese Computer Hackers Hit U.S. Chamber Of Commerce. WASHINGTON – A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.
The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. The complex operation, which involved at least 300 internet addresses, was discovered and quietly shut down in May 2010. It isn't clear how much of the compromised data was viewed by the hackers. It is possible the hackers had access to the network for more than a year before the breach was uncovered, according to two people familiar with the Chamber's internal investigation. One of these people said the group behind the break-in is one that U.S. officials suspect of having ties to the Chinese government.
Foxconn hack releases Apple order data. Foxconn, the Taiwanese manufacturer best known for producing the iPad and iPhone, has been the target of a server hack, with a group calling itself Swagg Security leaking login details for every user in the company, up to and including CEO Terry Gou. The security breach - done, it's suggested, to simply prove that it could be achieved, and for the pleasure of the ensuing mayhem - was eventually shut down by Foxconn, which cut external access to its servers. The group reportedly took advantage of an Internet Explorer vulnerability that had been left unpatched by a Foxconn employee, pulling out sensitive information from the company's servers and bundling it into a freely-available torrent.
Other users were encouraged to access the servers using the disclosed passwords, which could reportedly be used to place fake orders with Foxconn under the names of its vendor partners like Apple, Microsoft, Intel and Dell. [via 9 to 5 Mac] Zappos gets hacked, resets customers' passwords. On January 15, online retailer Zappos alerted customers to a security breach. In an e-mail to employees, Zappos CEO Tony Hsieh said that a hacker had compromised one of the company's servers in Kentucky.
As a result, the intruder was able to gain access to internal networks. While no credit card data or passwords were exposed in the attack—both were stored in encrypted form—the attack did expose other personal information—including names, shipping and billing addresses, phone numbers, and e-mail addresses. Over 24 million customer accounts were affected in the breach. As a precaution, Zappos has expired all customers' passwords, and alerted customers that they should change passwords on other sites that are similar to their old one on Zappos.
Hackers Steal 45,000 Facebook Passwords & Logins. A rampant worm by the name of Ramnit has stolen login and password information for 45,000 Facebook users, mostly in the UK and France. Prowling the 800-million-strong social network, the worm eats user names, passwords and browser cookies. It also acts as a backdoor, meaning a hacker can attack any computer that has already been infected. According to the Microsoft Malware Protection Center, Ramnit infects Windows executables, Microsoft Office and HTML files. The Ramnit worm initially transformed into financial malware in August 2011, according to reports from Trusteer. "What was once malware designed to steal data from financial institutions has evolved into a social network threat," says John Weinschenk, CEO at Cybersecurity company Cenzic. The current composite Ramnit worm is like a Mogwai that has been hit with water, eaten food after midnight, stepped out into the sun and transformed it into a hyper-evil gremlin.
Water Utility Control System Hacked Last Week. Last week the news blogs were filled with information about a second attack on a computer-based supervisory control system (SCADA) at the Curran-Gardner Township Public Water District based near Springfield Ill. The first was the Stuxnet malware targeted at an Iranian nuclear facility that was extensively covered. We wrote about how the Symantec anti-virus researchers decompiled the malware and demonstrated it to us here earlier this summer, and how variants on Stuxnet called Duqu were also found last month floating around European networks. A second attack was reported by Computerworld last week based in a Houston utility. The Illinois attack was revealed by SCADA cybersecurity expert Joe Weiss. Writing on his ControlGlobal blog he mentions the specifics. The ultimate damage inflicted on the utility was a burned out water pump. Whether the Springfield utility followed best practices in how it connected its SCADA controllers remains to be seen.
Photo c/o CleanWaterWaste.com. Exclusive: Comedy of Errors Led to False ‘Water-Pump Hack’ Report | Threat Level. Jim Mimlitz on vacation in Russia last June with his wife and three daughters. Photo courtesy of Jim Mimlitz. It was the broken water pump heard ’round the world. Cyberwar watchers took notice this month when a leaked intelligence memo claimed Russian hackers had remotely destroyed a water pump at an Illinois utility.
The report spawned dozens of sensational stories characterizing it as the first-ever reported destruction of U.S. infrastructure by a hacker. Some described it as America’s very own Stuxnet attack. Except, it turns out, it wasn’t. Now, in an exclusive interview with Threat Level, the contractor behind that Russian IP address says a single phone call could have prevented the string of errors that led to the dramatic false alarm. Mimlitz’s small integrator company helped set up the Supervisory Control and Data Acquisition system (SCADA) used by the Curran Gardner Public Water District outside of Springfield, Illinois, and provided occasional support to the district.
Anonymous Hacks Company That Specializes in Security. Hacker group Anonymous began its promised week of Christmas hacks, assaulting a long list of targets. The first Anonymous hack resulted in stolen emails and credit card data from Stratfor, an Austin-based think tank that concentrates on security issues. One alleged conspirator said the goal was to use that credit card data to steal a million dollars, and give the money away as Christmas donations, the AP reports. Online images, posted to Twitter, show receipts from the donations.
Twitter account @YourAnonNews, which is supposedly linked to the group, tweeted Sunday that the reason it was able to steal the credit card data was because it had not been encrypted by Stratfor — an embarrassing mistake for a company specializing in security. Among the private clients on Stratfor's tightly-guarded list — whose information Anonymous accessed — are the U.S. Army, the U.S. Air Force and the Miami Police Department. "It was all charities, the Red Cross, CARE, Save the Children.