ISSUED BY: GCIS Communications Command Center
SOURCE:
26January2011 02:15amEST
GCIS CYBER-SECURITY UPDATE:
Teen Arrested After Threatening to 'Shoot Up' His School on Facebook
By Amar Toor of Switched -
A 16-year-old high school student has been arrested in Indianapolis, after posting ominous threats on his Facebook page.
The boy, a special-needs student at Warren Central High School, allegedly wrote that he would "shoot up the school" after the Martin Luther King Day holiday. "Your dreams will be broken by Warren Central, no more Nice Guy," reads one of the suspect's posts. "I mean what I said and you are going to die tomorrow, every last one of you," declares another. (read more)
Spotlight On Woeful Web Security In iPad Hacking Case:
by Paul Roberts of ThreatPost -
OK - you're walking down the street and you come upon this apple tree in some one's front yard. It's a lovely tree, full of ripe apples. And, just by standing on the street, you can reach into the yard and jiggle the branch of this apple tree and these lovely, ripe apples just drop to your feet. Are you stealing the apples by shaking the branch and then walking away with the fruit that falls off? Or, how about this: you're at this vending machine and the dude who was servicing it just left the door to the machine wide open, so you can reach in and take the bag of Funyuns without paying for them. Is that stealing?
Turns out, the answer is both cases is "hell yeah!" But most of us might see these types of scenarios as more ambiguous than the cut and dry "throw-the-brick-through-the-window, snatch-the-diamond-necklace-and-run-away" kind of property crime. And those ambiguities are going to be front and center in the case of the two men who were arrested, this week, and charged in the high profile hack of a server holding the account information of VIP iPad owners. (read more)
Government, Military Sites Hacked, Data and Access for Sale
By Brian Donohue of ThreatPost -
The Web site of the U.S. military's Communications-Electronics Command (CECOM) was off line on Monday after reports that access to the site was among those being fenced by hackers in an underground forum.
The CECOM home page, cecom.army.mil displayed a message saying the site was "temporarily unavailable," an apparent response to the revelation on Friday that credentials offering full administrative control to the site could be had for $499 online. The CECOM site was one of a list of U.S. and foreign military, government, and educational sites being fenced in underground forums, according to a report from Krebsonsecurity.com. (read more)
New Phishing Campaign Targets 'First Data' Merchant Accounts
By Lucian Constantin of Softpedia -
In the pool of phishing attacks targeting online banking accounts, credit card information, personal details and other online accounts, scams aiming at merchants are not very common.
The rogue emails detected by ApprRiver bear a subject of "MERCHANT ACCOUNT UPDATE" and purport to come from "FIRSTDATA SERVICES."
The message contained within reads "Dear First Data customer, please update your login. Download the attachment in this e-mail and proceed."
The attachment is an HTML document called "Update Your Account Information.html," which, when opened inside the browser, displays a spoofed First Data Global Gateway login page.
The page contains a form for inputting the merchant's store number, user ID, tax ID, phone number and password.
"Once the hacker has gained access to the First Data account they will likely have gained control over that specific merchants account," warns Troy Gill, security researcher at AppRiver. (read more)
Facebook's Zuckerberg in fan-page hack - on Facebook!
by Paul Ducklin on NakedSecurity -
According to Tech Crunch - and numerous other online technophile sites - a promiment Facebook fan page has been hacked, defaced and, as a result, closed down. (read more)
Anti-Pirate Law Firm Succumbs to Coordinated Hacker Assault
by Warren Riddle of Switched -
Andrew Crossley, the manager of the law firm ACS:Law, made a concerted effort last year to individually punish purported file-sharers. The dismissive Crossley learned a painful and public lesson in hubris, though, when agitated Web vigilantes launched 'Operation Payback is a B****' and specifically targeted the law firm. After having suffered site attacks, network hacks, leaked confidential information and government investigations, ACS:Law has apparently succumbed to the disruptive pirate pressure. (read more)
New Jersey Student Record Database Hacked
By Brian Donohue of ThreatPost -
A New Jersey school district was vandalized by members of the online mischief making group 4chan after an administrative password to a student record management system used at 160 school systems across New Jersey.
The hack occurred after the administrative account used by the Plainfield, New Jersey, school district to access the Genesis Student Information System was posted, along with the password needed to access the account: the word 'poopnugget,' according to a report on ComputerWorld. The password was posted to a 4chan message board, and from there, 4chan users infiltrated the Genesis system wreaking havoc on everything from lunch prices to the school system’s emergency broadcast system. (read more)
'uProtect.it' App Hides Your Facebook Comments From Facebook
By Amar Toor of Switched -
Facebook's customizable privacy settings may allow users to hide their comments from co-workers and ex-boyfriends, but a new tool called uProtect.it can conceal them from a much more ubiquitous observer: Facebook itself. (read more)
