LizardSquad sounds like a name from a video game. Unfortunately they are a hacking group that attacked Sony’s PlayStation and Microsoft’s Xbox networks over Christmas. They were indeed successful at taking both networks down on Christmas day.
So who are these guys?
Of course we don’t really know because anonymity is their best defense. Two people that claim to be the LizardSquad did an interview with BBC. You can read about the interview over at Krebs. But what we do know is that the attack was not a very sophisticated one. It was a simple DDoS attack, the surprising thing is that the PlayStation network in the Xbox network was so vulnerable to a common or basic type of attack. It appears the group was really looking for fame and perhaps some money – which they got in the form of $300,000 worth of vouchers from Megaupload.
It seems unlikely we will hear from this group again as one person has been arrested in Finland and there are reports that a second person is being sought at this time.
Hopefully they did not interrupt your Christmas plans – although we have a PlayStation and an Xbox here they are rarely used so they did not interfere with my Christmas.
Happy new year!
– Dave
According to welivesecurity.com
…Jan Krissler, claims to have ‘copied’ the thumbprint of Germany’s Defense Minister from standard photos, in machine-readable form.
Does this mean that fingerprints are not a secure biometric method?
We can expect that as more devices rely on fingerprints to secure them, the evil hackers will be working on ways to overcome fingerprint readers. 2 Factor authentication is the best method for keeping your information safe.
You can read my blog on 2 factor authentication here, or watch a video of how to use with gmail here:
-Dave
If you have an Amazon, Xbox Live, or Playstation network account, you will want to at the very least change your passwords and monitor the credit card linked to the account.
-Dave
Wishing everyone a Merry Christmas and Happy New Year!
-Dave
The FBI released a statement today concluding that North Korea was involved with the hack of Sony Pictures. From FBI Statement:
-
Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
-
The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
-
Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
The full text of the FBI statement can be read here.
-Dave
The Federal Reserve bank of Minneapolis released its 2014 payment fraud summary survey of banks. Why is this interesting? From the executive summary:
Payments fraud remains a significant concern for financial institutions and other corporations in the ninth district and surrounding region. While financial institutions are much more likely to report payment fraud attempts (75% experienced attempted fraud) and losses (70%) than non-financial companies, the proportion of financial institutions reporting fraud attempts and losses has actually decreased since 2012, when most respondents reported fraud attempts (94%) and losses (90%).
While attempted payment fraud has decreased over the past two years from 94% to 75% is still at a very high level. The financial institutions have been implementing stronger fraud prevention techniques which are beginning to have some success. Beginning in October 2015, merchants that haven’t installed a card swipe terminal that accepts chip cards will be liable for all the fraud involved with a chipped card. This policy is making the merchants accept some of the burden of fraudulent charges. Currently the financial institutions bear the majority of the direct cost of fraudulent charges.
In 2015 if you have the option to change your credit or debit card to a chipped card I would recommend that you do so. This will better protect you and your financial institution from having your information “stolen.”
I have been wondering why the financial institutions don’t change their credit and debit cards from an “always on” model to a model where your credit card is “always off.” In other words when I go to purchase something at the store when I am ready to complete the purchase I tap an app on my phone and turn on the card for a single purchase and it automatically turns the card off after the transaction is complete. This model would certainly cut down on the amount of fraud that is generated, and it appears that we have all the technology we need to accomplish it.
The full text of the Federal Reserve fraud summary can be read here:
2014PaymentsFraudSurveySummaryofRegionalResults
-Dave
We may need to change the name from the Holiday Season to the Hacker Season. How does “Happy Hackers” sound.
It doesn’t sound good to me either.
Krebs is reporting that Bebe Stores inc. is the latest victim of a data breech as reported by Krebs:
Data gathered from several financial institutions and at least one underground cybercrime shop suggest that thieves have stolen credit and debit card data from Bebe Stores Inc., a nationwide chain of some 200 women’s clothing stores.
The full article can be read here.
-Dave
You must be logged in to post a comment.