Anonymous reveals 90k military email and password combos in the name of #Antisec
Black hat security group Anonymous has exposed 90,000 military email addresses stored on servers from consulting firm and U.S. government contractor Booz Allen Hamilton. The hacker group said the breach was done to expose the corruption of government and related corporate entities.
Booz Allen Hamilton deals with all branches of the armed services as well as the defense and intelligence communities of the U.S. Government. It claims to provide, among other things, "strategy and technology solutions that help deter 21st century threats and meet complex mission requirements."
'Mobile malware is the new frontier of cybercrime'
That's the stunning statement made by Robert Siciliano, a security and identity theft consultant, blogging for McAfee today. The post's title is nearly as provocative: "McAfee Reports Most Malware Ever in Early 2011".
Siciliano writes based on the McAfee Threats Report: First Quarter 2011, which released on June 1 and has gotten modest coverage among bloggers and journalists.
You can remove TDL4/ Popureb malware from Windows PCs
"Indestructible" rootkits, "fatal" trojans, "hellish" viruses -- malware has always been a great topic for generating scary headlines. There's generally no need to worry, though. Almost whatever the threat, if you can just wait for a while then a free (and often simpler) solution will turn up.
The latest variant of the Popureb Trojan, for instance, hides itself away in your Master Boot Record, and hooks a hard drive port driver in an attempt to protect itself from being overwritten. It's so deeply buried that Microsoft initially recommended reinstalling Windows if you were infected, but a few days later they changed its advice to point out that a little work with the Recovery console could get your PC back to normal. Or alternatively, a free Webroot tool can detect and remove the threat for you in just a couple of clicks.
Starting over with the Internet is cybersecurity Shangri-la
Many of the worst problems on the Internet are probably unsolvable, at least as a practical matter. One of the favorite models to imagine our way out of this ordeal is to start over with a new and more "secure" Internet. Sadly, this is an even less practical idea than fixing the one we have.
The latest to dare to imagine this dream is U.S. Cyber Command chief Gen. Keith Alexander who wants a ".secure" network for critical infrastructure: ".secure would require visitors to use certified credentials for entry and would do away with users' Fourth Amendment rights to privacy. Network operators in the financial sector, for example, would be authorized to scan account holders' traffic content for signs of trouble. The current Internet setup would remain intact for people who prefer to stay anonymous on the Web".
Spam your Facebook friends with fake $25 iTunes offer
If your time isn't worth much, do take advantage of the free $25 iTunes gift card offer circulating Facebook. Clicking the link will lead you to a page compelling you to share the offer with all your friends, before moving on to a survey. What do you get -- other than perhaps a few dislikes from your social network? Nothing. It's a scam, blogs Graham Cluley, Sophos senior technology consultant.
The request to "share" the offer with Facebook friends should be dead giveaway the offer is fake. "You should, of course, always treat such requests with suspicion, but that hasn't stopped many people unwittingly help the scammers to spread their links far and wide across Facebook", Cluely warns.
No one shot President Obama, Fox News Twitter account hacked
The alarming tweets that went out a few hours ago are false, according to Fox News. They claimed that President Barack Obama had been shot while campaigning, which itself is red flag something wasn't right. What president would campaign on America's Independence Day nearly 18 months before the election?
"FoxNews.com's Twitter feed for political news, FoxNewspolitics, was hacked early Monday morning", according to a report by Fox News. "Hackers sent out several malicious and false tweets claiming that President Obama had been assassinated. Those reports are incorrect, of course, and the president is spending the July 4 holiday with his family. The hacking is being investigated, and FoxNews.com regrets any distress the false tweets may have created".
Phishers have found a new use for Google Docs -- stealing your identity
The free cloud applications, particularly Google spreadsheets, are gaining popularity as a phishing platform. I knew the Google Docs spreadsheet was good for something.
One of the main jobs of a phishing site in selling itself is to come from a trustworthy domain, and that's why Google Apps is so popular. Nobody is going to block *.google.com or even spreadsheets.google.com. So not only will some people be more inclined to believe that a phishing page is genuine, but it's less likely to be blocked by reputation systems. You even get to use HTTPS on your attack page, courtesy of Google.
Have cybercriminals created the perfect botnet -- undetectable and indestructible?
Up until now, those fighting against botnets have had some measurable success in taking them down. However, the newest botnet on the block may be a hard nut to crack, and at least one security firm is calling it nearly indestructible.
Kaspersky Labs says the TDL botnet contains about 4.5 million computers, and uses a variety of measures to avoid detection by antivirus programs. Furthermore, communications between an infected PC and the host are encrypted, making it harder to decode what the botnet may be doing, and it disables other malware.
LulzSec is gone, but #AntiSec antics live on with new hacks and data dump
Now operating under the #AntiSec banner, the LulzSec hackers are still busy causing trouble. The latest data dump posted to torrent sites goes after several governments worldwide as well as both Viacom and Universal Music Group.
"While the LulzBoat is still sailing with us (albeit not with the LulzSec flag), the objective of #AntiSec is different," the description of the torrent reads. "#AntiSec is more than Lulz and more than even Anonymous: It is our true belief that this movement has the capability to change the world. And should that fail, we will at least rock the world."
With LulzSec gone, Anonymous ramps up attacks
LulzSec may have faded off into the hacking annals of history, but Anonymous isn't resting. The group on Monday released a file of what appears to be a cyberterrorism training manual. It is not clear how the group obtained the document.
"Little teaser while we work on the actual release: Ever interested in anti-cyberterrorism training?" a tweet from a Twitter account associated with the group reads. The manual appears to come from FEMA's Counter Terrorism Defense Initiative and is dated from 2009.
What is LulzSec afraid of?
Or stated differently: Have the ill-winds of fate caught the Lulz Boat's sails?
Today, quite unexpectedly, LulzSec Security announced its retirement. "This is our final release, as today marks something meaningful to us. For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could", according to a statement from the hacker group. "Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind -- we hope -- inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love".
LulzSec victim: 'They are terrorists!'
Editor's note: Yesterday, hacker group LulzSec Security released a cache of documents taken from Arizona Dept. of Public Safety servers. The data dump included personal information, such as home address and spouse's name, for cops. Here, a victim from an earlier LulzSec data dump -- 62,000 stolen usernames and passwords, many connected to public services like AOL and Gmail -- has something to say about the group. This commentary is edited together from separate emails. Fearing reprisals, the LulzSec victim requests anonymity, so we can't fully verify the story. But based on email exchanges we're confident it's legit.
The feelings that morning as all my accounts were being shut down for no apparent reason was like my experience in Washington, DC on 9/11-- initially confusing. Then as news reports leaked out and I realized that I was a target, the panic ensued. Just [like] we were hearing that our building might possibly be a target of an aircraft on 9/11.
LulzSec outdoes WikiLeaks in stunning disclosure of Arizona documents
Would WikiLeaks be so bold as to release personal information -- like home address and spouse's name -- of cops? That's exactly what hacker group LulzSec Security did late today. The hackers took the sensitive information from Arizona Dept. of Public Safety servers. The agency has confirmed the data breach.
Key takeaways you'll find in this post: 1) LulzSec chose a target that would be divisive regarding public opinion -- is this a hacktivist/anarchist group of do-gooders or terrorists? 2) One victim of LulzSec's earlier data disclosure calls the group "terrorists". 3) A Betanews poll finds respondents to be equally divided about whether LulzSec is a hacktivist group revealing secrets or cybercriminals who should be prosecuted.
You can't trust consumers to protect themselves
Whatever happened to disposable credit card numbers? They're a great idea and they can work really well, but few banks offer them and even those don't push them really hard. The problem is users: To use these numbers, users would have to think about their own security.
Almost every security proposal, especially the really broad ones, has an element of user education in it. "We've got to train users to look for these things and avoid them" or something to that effect. Many security experts will sigh and tell you that it's like teaching math to your dog. Not only will they not learn it, they don't even get the point.
Are LulzSec hacktivists or cybercriminals? [poll]
I awoke this morning to find my wife watching "WarGames", the classic 1980s hacker movie. That got me to thinking about hacker group LulzSec Security, which has been mighty busy this month. Is it a group of stereotypical, mischievous hackers or dangerous cybercriminals? Under the law, the distinction is meaningless. But your answer means something to me and to other Betanews readers.
Please answer the simple poll below and respond in comments. I normally despise anonymous comments but understand if you feel the need to create a new Betanews account to respond. Or you can send email to joe at betanews dot com. Your identity or anonymity is probably safest with me. I don't give up sources.
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.