Archive for October 31, 2016

Australian Red Cross Suffers Massive Data Breach

The personal details of more than half a million blood donors were compromised in a major hack at the Australian Red Cross.

The compromised records, made up of registration data for 550,000 people from 2010 to 2016, included names, addresses, dates of birth, blood types, phone numbers and last donation dates.

Australian Red Cross Blood Service chief executive Shelly Park said at a press conference in Melbourne on Friday that the data had been accessed by an “unauthorised person”. She said access to the file had been shut down and that forensic experts were now helping the organisation with their investigation.

“The type of information included in the files include name, address, and personal details that come about from completing our short questionnaire, which is a bit like a gateway to see whether people can go ahead to donate blood. I wish to stress that this file does not contain the deep personal records of people’s medical history or of their test results. We are notifying donors as early as we believe we can, and we are notifying donors today”, said Park.

"It is vitally important that people who generously want to give blood are not deterred by this – every Australian may need a blood transfusion at some time and we hope people will continue to make their contribution and to feel confident that their personal details will be protected”, added Park.

Australia’s computer emergency response team, AusCERT, is also working with the organisation to address the problem. The Blood Service said it has already contacted the Australian cybersecurity centre, the federal police and the Information Commissioner's Office (ICO).

Russia Brushes Off E-mail Breach of Putin Aide’s Account

Russia has brushed off hacking allegations and challenged the authenticity of leaked e-mails purportedly from the inbox of presidential aide Vladislav Surkov.

Hacking group ‘CyberHunta’ has published around 2300 emails from the period between September 2013 and November 2014, when the Russian military invaded Ukraine and annexed the territory of Crimea.

Kremlin spokesman Dmitry Peskov didn’t oppose the leaked documents but challenged their authenticity, saying that Surkov, a longtime adviser to President Vladimir Putin, "doesn't use electronic mail."

"I can tell you: This is not him," he said, referring to Surkov.

According to analyst Aric Toler from the Digital Forensic Research Lab, the hacked inbox was prm_surkova@gov.ru and was likely managed by Surkov's assistants as a work account. The hackers reportedly accessed the account by infiltrating the popular Yandex web portal.

Toler found that most of the emails were of little or no interest. However, he wrote that this "helps lend credibility to the email's authenticity." Some emails did include political briefings on the situation in Ukraine and a "calendar of announced events."

Ukraine's National Security Service (SBU) has claimed the contents of the leaks are real, although its experts warned the files may have been altered or tampered with in some way. However, a large number of the communications suggest they were handled by Surkov's underlings and include requests to pass the e-mails on to Surkov.

Surkov previously served as a key adviser to Putin on domestic political matters and currently advises the Russian president on the West-leaning former Soviet countries of Ukraine, Moldova, and Georgia.

Nude Photo Leaker Gets 18 Months In Jail

A Pennsylvania resident has been sentenced to 18 months in jail for hacking the accounts of celebrities and leaking their nude photos and videos.

Ryan Collins, 36, pleaded guilty in the Celebgate case. He hacked more than 600 accounts, including those of famous actresses such as Jennifer Lawrence, Kate Upton, Scarlett Johansson, and Kirsten Dunst.

Collins conducted a two-year raid from 2014 to 2016 that netted him more than 100 logins to his victims’ Gmail and Apple email accounts.

Collins accessed at least 50 iCloud accounts and 72 Gmail accounts. Collins used a scheme called phishing, in which he could get victims to provide information about their accounts in response to emails that appeared to come directly from Apple and Google.

Collins is married and has two children. He is originally from Hershey, Pennsylvania, and currently lives in Lancaster.

New OLX App Enhances Security Features

The new OLX app is designed to enhance the security of its users, especially women. OLX now comes with an enhanced security feature to help internet users who are vulnerable to spam calls and harassment.

The firm says that it will help increase the penetration of online classifieds across regions, age groups, and categories. However, the most striking of the changes deals with security.

“With the intention of making the platform more secure, OLX has made it mandatory for all users — sellers and buyers — to register for accessing the platform,” it said. This is a marked change from the current strategy of most classifieds sites. Users can register with any of the following: Facebook, Google+, or a phone number. Social media logins will allow users to see mutual friends, apart from revealing the transaction history of other users, how long they have been using OLX, as well as their location.

“Mandatory log-ins will imply that there are no anonymous users on OLX anymore. It will increase the sense of familiarity amongst users,” said OLX, adding “Mandatory registration will especially help in bringing women users to OLX by providing a safer environment for them to transact in.” The other new features, 'Chat First' and restrictions on calling, have made it easier to protect user privacy.

"With our new App, we have made significant improvements on three fronts in particular. First, features such as 'Chat First' are bold, industry-first moves that along with mandatory registration enhance the trustworthiness of the platform, making our users more secure. Second, by allowing users to see products closest to them, we have tried to provide an authentic hyper-local classifieds experience based on ease and simplicity," said Amarjit Singh Batra, CEO, OLX India in a statement.

The new app also comes with a "Snap and Post" feature that allows users to post an ad in as little as 10 seconds, and a "Hyper Local Experience" feature that helps users find great products in their vicinity, making transactions easier.

Celebgate: Hacker Gets 18-Month Sentence

A Pennsylvania hacker who stole more than 100 Apple and Google e-mail accounts, including those of several Hollywood celebrities in 2014, has been sentenced to 18 months in federal prison.

In May this year, Ryan Collins, 36, pleaded guilty under the Computer Fraud and Abuse Act. He admitted to sending phishing e-mails to his victims for two years and obtaining a great deal of personal and confidential information, including nude photographs and videos.

He obtained the e-mail passwords of many actors, such as Jennifer Lawrence and Aubrey Plaza, and of singers Rihanna and Avril Lavigne.

According to the Justice Department, between 2012 and 2014 Collins “engaged in a sophisticated phishing scheme.” In 2014, he circulated the nude celebrity pictures on the Internet. The incident came back into the limelight when Ken Bone admitted to viewing Lawrence's nude pictures on Reddit.

Pennsylvania US attorney Bruce Brandler said in a statement that “In some cases, Collins would use a software program to download the entire contents of the victims’ Apple iCloud backups. In addition, Collins ran a modeling scam in which he tricked his victims into sending him nude photographs.”

Investigators found that Collins had hacked at least 50 iCloud and 72 Gmail accounts, most of which belonged to women celebrities. He had faced up to five years in jail and a $250,000 fine.

“The defendant intruded into the online accounts of hundreds of victims and in doing so, intruded upon their lives, causing lasting distress,” said Deirdre Fike, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “The prison sentence received by Mr. Collins is proof that hacking into the accounts of others and stealing private information or images is a crime with serious consequences.”