Entries with tag computer hackers.

Some Dragonfly Malware Victims Identified

A new analysis of circumstances surrounding the Dragonfly malware attacks has identified two of the three industrial-control-system software firms that the hackers targeted. Dale Peterson, founder and CEO of security firm Digital Bond, said the companies were MB Connect Line, a German maker of industrial routers and remote access appliances; and eWon, a Belgian virtual-private-network software developer whose products access industrial control devices. Peterson stated that he knows the identity of the third company but cannot divulge it. The Dragonfly campaign used a piece of malware known as Havex against energy-grid operators, major electricity-generation firms, petroleum-pipeline operators, and industrial-equipment providers, primarily in France, Germany, Italy, Poland, Spain, Turkey, and the US. In some cases, the hackers first breached the systems of industrial-control-system vendors that sell to energy-sector companies and infected the software they sold. The energy companies became infected with the Havex remote-access Trojans when they downloaded the compromised software. Havex steals information about infected computers and networks, as well as data from e-mail address books and virtual private networks, and sends them to the hackers’ servers. Peterson said he released the names of the affected industrial-control-system software firms because other security companies weren’t doing so in a timely manner. He said, “[I]t would be helpful if these energy control system and energy sites were made public so asset owners could be alerted that they may have been compromised."(SlashDot)(Digital Bond)

US Hacker Set Free after Helping Authorities

US authorities have freed a computer hacker who helped them prevent numerous cyberattacks on high-profile targets such as the US Congress and NASA after serving seven months in prison. Hector Xavier Monsegur —a member of LulzSec, a splinter group of the hacker organization Anonymous arrested in June 2011—pleaded guilty in August 2011 to 12 criminal counts related to hacking, fraud and identity theft in connection with cyberattacks on organizations including the US Senate, Sony and PayPal. These charges ordinarily carry a sentence of 21 to 26 years in prison. However, because of his cooperation with federal officials—including assistance in detecting and stopping at least 300 attacks and providing information about the inner workings of LulzSec and Anonymous—prosecutors asked that his sentence be reduced to the seven months he had already spent in prison during his pretrial detention. His sentencing was repeatedly delayed to allow him to continue cooperating with the government, according to the New Yorker. Monsegur says he is not the same person he used to be and would like to work as a systems administrator or teacher. He and some family members have been relocated as a result of physical and death threats based on his cooperation with law-enforcement officials. (The Associated Press -- 1)(CNET)(CNET @ Scribd)(The Associated Press -- 2)(The Los Angeles Times)(WIRED)(New Yorker)

Canadian Man First Arrested for Using Heartbleed Exploit

A Canadian man arrested 15 April 2014 is the first person known to have been arrested for using Heartbleed – a vulnerability in Open SSL encryption – in a data breach. Stephen Arthuro Solis-Reyes, 19, of London, Ontario, is being charged with one count of Unauthorized Use of a Computer and one count of Mischief in Relation to Data after he allegedly stole 900 social insurance numbers and other data from the Canada Revenue Agency, according to the Royal Canadian Mounted Police. Computer equipment in the suspect’s home was seized. No other information was released. Those affected by the theft will be contacted by registered mail, according to the agency, which will also offer free credit protection services and additional security on their accounts. Solis-Reyes, a computer science student attending Western University, is scheduled to appear in an Ottawa court 17 July 2014. (Reuters)(The Associated Press)(PC Mag)

Showing 3 results.