Archive for the ‘Data breach’ Category

The Sony hack is different: this time it’s extortion, threats and shooting the hostages. Leon Panetta’s “cyber Pearl Harbor”?

Sony hacked again

Eric De Grasse, Chief Technology Officer / Gregory P Bufithis, Founder

12 December 2014 – Poor Sony. On 25 November the hackers paralyzed Sony Pictures’ computer systems, forcing the company to send some staff home while others had to use pen, paper and fax machines across its international offices. The studio could only watch while films such as musical remake Annie, scheduled for a Christmas cinema release, were leaked to file-sharing networks.

Now the hack is causing more collateral damage than just a few movies leaked onto the internet. Amongst a batch of emails made public by the hackers were several racially tinged emails about President Obama’s imagined movie tastes. And references to “a minimally talented spoiled brat” and a “rampaging ego” and a “bipolar 28-year-old lunatic”. Such language! You’d only hear that in … well, a movie.

All these things are the sort of stuff that most corporate networks hold. Companies just prefer that it not be made public, which is exactly why the Sony hack was so embarrassing. And teams of lawyers are going through all …

Developer loses his single-letter Twitter handle through extortion by a hacker: the horror side of social media



30 January 2014 – Naoki Hiroshima, creator of Cocoyon and a developer for Echofon, writes at Medium that he had a rare one-letter Twitter username – @N – and had been offered as much as $50,000 for its purchase. “People have tried to steal it. Password reset instructions are a regular sight in my email inbox,” writes Hiroshima. “As of today, I no longer control @N. I was extorted into giving it up.”

Hiroshima writes that a hacker used social engineering with PayPal to get the last four digits of his credit card number over the phone, then used that information to gain control of his GoDaddy account. Most websites use email as a method of verification. If your email account is compromised, an attacker can easily reset your password on many other websites: “By taking control of my domain name at GoDaddy, my attacker was able to control my email.”

Hiroshima received a message from his extortionist: “Your GoDaddy domains are in my possession, one fake purchase and they can be repossessed by godaddy and never seen …

The Target data breach: a better understanding through credit card anatomy

Target data breach


By: Gregory P. Bufithis and Eric Degrasse


27 December 2013 – Consumer frustration and outrage over the Target credit card breach are moving from Facebook and Twitter to the courts and state governments even as the stolen accounts are flooding the black market. Meanwhile, millions of the card accounts stolen have begun showing up for sale on the black market. Brian Krebs of … the security reporter who initially broke the news about the breach … said “credit and debit card accounts stolen in (the Target breach) … have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card.”

Sharon Nelson of Sensei Enterprises detailed the Krebs report in a recent piece on her blog.

Adrian Sanabria of 451 Security (part of 451 Research) has written a blog post that goes further because … as he says … the “recent Target breach has led to some confusion, which I will try to clear up here. …