Hackers Hit Ashley Madison

Via the Associated Press:

The parent company of Ashley Madison, a matchmaking website for cheating spouses, says it was hacked and that the personal information of some of its users was posted online. In addition, the person or persons behind the attack are threatening to release all of the site's personal information — including its members' sexual fantasies and financial information — if the company doesn't take Ashley Madison offline, according to a prominent security blog. Toronto-based Avid Life Media Inc. says it has had the hackers' posts — which included snippets of personal information — taken down and has hired a technology security firm. The company and law enforcement agencies are investigating. The breach was first reported late Sunday by Brian Krebs of KrebsonSecurity, a website that focuses on cybersecurity. Ashley Madison, whose slogan is "Life is short. Have an affair," purports to have 37 million members.

This is probably our fault.

Hacked?

The normally staid SCOTUSblog fired out some interesting tweets last night.

INDIANA: Hacker Takes Down State Site

Via the Indianapolis Star:

The State of Indiana's website was apparently hacked in response to Gov. Mike Pence's signing of a controversial "religious freedom" bill. The state's website, www.in.gov, had been down for several hours, according to readers, before coming back online after 3 p.m. An individual using the Twitter handle @YourVikingdom is claiming responsibility. "@IN_gov enjoy your website being #OFFLINE," one Tweet said. Another said: "#Target http://IN.GOV #OFFLINE#Vikingdom2015 #OpIndianaKnocked it down for @xxdjsethxx :)." The link goes to an article at Perez Hilton's website titled: "The Governor Of Indiana Just Signed A Religious Freedom Bill That Would Allow Businesses To Discriminate Against The LGBT Community." State officials did not immediately respond to questions from The Star.

(Tipped by JMG reader Charles)

US Military Hacked On Twitter

Via the Washington Post:

Social media accounts for the U.S. military’s Central Command appeared to have been hacked on Monday, with the command posting threatening messages on Twitter and YouTube to American troops. The first rogue tweet was posted about 12:30 p.m. It appeared to come from sympathizers with the Islamic State militant group. CENTCOM has orchestrated the U.S.-led airstrike campaign against the militants in Iraq and Syria, and is beginning to train Iraqi troops to respond to the threat in the region. The background and profile photo of the CENTCOM account were both changed to show an apparent militant and the phrases “CyberCaliphate” and “i love you isis,” using one of the acronyms for the militant group.

The Twitter account has now been suspended.

North Korea Calls Obama A "Monkey"

Via Reuters:

North Korea called U.S. President Barack Obama a "monkey" and blamed Washington on Saturday for Internet outages that it has experienced during a confrontation with the United States over the hacking of the film studio Sony Pictures. The National Defence Commission, the North's ruling body, chaired by state leader Kim Jong Un, said Obama was responsible for Sony's belated decision to release the action comedy "The Interview", which depicts a plot to assassinate Kim. "Obama always goes reckless in words and deeds like a monkey in a tropical forest," an unnamed spokesman for the commission said in a statement carried by the official KCNA news agency, using a term seemingly designed to cause racial offense that North Korea has resorted to before.

China's official news agency is also reporting that North Korea's 3G mobile phone networks are "paralyzed" today.

The Interview Is On YouTube

Available for renting at $5.95.

The Interview Gets Limited Run

Here's the list of theaters.

Dr. Evil Drops In On SNL

FBI: North Korea Definitely Did The Hack

Anonymous Vs KKK, Continued

Ancona is the Imperial Wizard of Missouri's Traditionalist American Knights of the Ku Klux Klan. From the New York Daily News:

The city of Ferguson is anxiously awaiting a grand jury's decision whether to indict cop Darren Wilson in the fatal shooting of unarmed teen Michael Brown in August. Several months of riots and unrest followed the shooting. "We will use lethal force as provided under Missouri Law to defend ourselves," Ancona and the local KKK wrote in a flyer they are circulating in Ferguson. "You have been warned by the Ku Klux Klan!" Ancona tells The News that he is not asking anyone to do anything illegal — he is just encouraging the people of Ferguson to defend themselves against protesters in case they turn violent. He was only reached after a reporter had to endure 30 seconds of pre-recorded hate speech on the Traditionalist American Knights of the KKK phone line. The Traditionalist American Knights of the Ku Klux Klan is one of five active KKK groups in Missouri, the Southern Poverty Law Center says on its website. Ancona says the group has between 4,000 and 5,000 members. He hails from Park Hills — which also happens to be the Klan's national headquarters. He also has a message for Anonymous: "We are not Internet-based," Ancona says. "If they want to come after us, they have to come out onto the streets."

Anonymous Takes Down More Hate Sites

Via Raw Story:

On Tuesday, the campaign continued, with Anonymous moving beyond the Klan to target racist websites like Stormfront.org and writing, “The aim of our operation is nothing more than Cyber Warfare. Anything you upload will be taken down, anything you use to promote the KKK will be shut down. DDoS attacks have already been sent and have infiltrated your servers over the past 2 days — d0x’s have also been launched on leaders of the KKK. All information retrieved will be given to the public.” DDoS (distributed denial-of-service) attacks are an illegal tool used by hackers to shut down a website by flooding it with so many dummy requests that the server overloads and goes offline. Anonymous is claiming to have knocked multiple Klan websites offline in several states including North Carolina, Utah and Texas, as well as a website for white supremacist group the Traditional American Knights.

In addition to taking over sites, Anonymous has posted personal information about dozens of alleged Klan members and supporters - including their home addresses and phone numbers. Several of the targeted persons have also had their credit card numbers and PINs published.

Anonymous Seizes KKK's Twitter Account In Advance Of Ferguson Decision

Yesterday afternoon Anonymous seized the Ku Klux Klan's Twitter account after the hate group threatened to use "lethal force" during any protests over the coming decision on the indictment of the Missouri police officer that killed a young black man.

The Riverfront Times reported that the St. Louis, Missouri KKK group passed out pamphlets starting, "Attention: To the terrorists masquerading as "peaceful protesters"!" The announcement stated further, "We will use lethal force as provided under Missouri law to defend ourselves." KKK leader Frank Ancona went on MCNBC Wednesday to back up the threat and claim support from Ferguson locals; the head of Missouri's KKK told media that his organization's threats to protesters had boosted KKK recruitment. The Missouri group behind the threats -- Traditionalist American Knights of the Ku Klux Klan -- is listed as an active hate group by the Southern Poverty Law Center. On Friday Anonymous began doxing (publicly revealing identities and personal information) of KKK members in the Ferguson/St. Louis area.

Prior to the hacking, the KKK spent much of the weekend taunting Anonymous for not being able to hack them. Below is the doxing clip.

UPDATE: YouTube has pulled the clip.

(Tipped by JMG reader Ray)

What Americans Worry About The Most

Via Gallup:

Americans may be more worried about hacking because a relatively high percentage of them say they have had their information hacked. A quarter of Americans, 27%, say they or another household member had information from a credit card used at a store stolen by computer hackers during the last year -- making this the most frequently experienced crime on a list of nine crimes. Eleven percent say they or a household member have had their computer or smartphone hacked in the last year, also in the top half of crimes on the list.

Although a relatively high percentage of Americans say they have been hacking victims, relatively low percentages say they reported it to the police. Slightly less than half of Americans (45%) who say they had credit card information stolen say they reported it to the police. And about a quarter of victims say they notified police about their computer or smartphone being hacked. Of Americans who say they were victims of other crimes in the last year, including stolen cars, muggings, or burglaries, an average of two-thirds say they reported them to police, higher than what Gallup finds for hacking crimes.

Home Depot Confirms Hacking

Home Depot yesterday confirmed that millions of its customers' credit cards may have been accessed by hackers.

The hack “could potentially impact any customer that has used their payment card at our U.S. and Canadian stores, from April forward,” Home Depot said in a statement, adding that shoppers online or at stores locations in Mexico do not appear to have been affected. The firm joins the ranks of other major stores, like Target and others, that have been the victims of successful, large-scale cyberattacks. Home Depot disclosed it was looking into reports of “unusual activity” on Sept. 2 and has offered free identity-theft protection and credit-monitoring services to anyone who shopped at a Home Depot store during the months in question. “We apologize for the frustration and anxiety this causes our customers,” Home Depot said.

The company says it plans to install "chip-enabled checkout terminals" at all stores by the end of the year.

Apple To Improve iCloud Security

Apple CEO Tim Cook today vowed to make it harder for hackers to access information stored on the company's iCloud service.

Cook said celebrities' iCloud accounts were compromised when hackers correctly answered security questions to obtain their passwords, or when they were victimized by a phishing scam to obtain user IDs and passwords. He said none of the Apple IDs and passwords leaked from the company's servers. To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for restoring iCloud data. Apple said it plans to start sending the notifications in two weeks. It said the new system will allow users to take action immediately, including changing the password to retake control of the account, or alerting Apple's security team.

Apple is due to unveil its latest round of products later this month.

Report: Credit Card Hack At Home Depot

Multiple banks are reporting that hackers have accessed the credit cards of millions of Home Depot customers.

The credit card information was offered for sale Tuesday on an underground site that traffics in stolen financial information, journalist Brian Krebs reported on his blog. The breach could have begun in late April or early May of this year, Krebs reported. If that is true, this incident could dwarf the Target breach, in which 40 million credit and debit accounts were compromised over a three-week period. "This latest batch of cards is for sale from the same underground store that sold cards from P.F. Chang's and Target," said Trey Ford, a security strategist at Rapid7, a Boston-based computer security company. Home Depot spokeswoman Paula Drake said she could only "confirm that we're looking into some unusual activity, and we are working with our banking partners and law enforcement to investigate." The data put up for sale were labeled "American Sanctions."

Target's CEO resigned in May after their data breach.

TweetDeck Has Been Hacked

The journalist's best friend is has been hacked.

A "cross-site scripting" (XSS) vulnerability has been discovered on Twitter's Tweetdeck client, leaving millions of users open to account hijacking and more. Twitter has shut down Tweetdeck while it fixes the problem, despite earlier promising that it had been fixed. The normal Twitter web interface, and other apps such as Echofon which use Twitter's API, do not seem to be affected. Tweetdeck is aimed at professionals and provides a web- or app-based interface to Twitter with the ability to show multiple views of different searches and users.

I often run dozens of columns on various topics on TweetDeck, which has become indispensable for breaking news bloggers since the demise of Google Reader. So this sucks.

eBay: Change Your Passwords Now

Via the Telegraph:

Online auction site eBay is telling all 233M of its users to change their passwords following a "cyber attack" which compromised a database of account information. It is thought that hackers managed to access some eBay employee log-ins which gave access to the company's corporate network. From there the attackers were able to access the database containing users' information and steal the data. The company will be sending an email to each user today to notify them of the data breach and ask them to change their password. They will also be advised to change their log-in on any other websites if they used the same password there.

Target CEO Resigns After Data Breach

The CEO of Target resigned today following a massive breach of customer data over the holiday shopping season.

"Today we are announcing that, after extensive discussions, the board and Gregg Steinhafel have decided that now is the right time for new leadership at Target," a company statement posted on its website Monday morning says. Steinhafel also resigned as chairman of the board of directors. John Mulligan, Target's chief financial officer, will serve as interim president and CEO. Steinhafel, a 35-year veteran of Target, will serve as an advisor during the transition. In a letter to the board of directors, posted to Target's website Monday, Steinhafel said, "The last several months have tested Target in unprecedented ways. From the beginning, I have been committed to ensuring Target emerges from the data breach a better company, more focused on delivering for our guests."

Information on over 100 million Target customers may have been stolen.

Cyber Monday: AOL Urges Change Of Passwords, Feds Say Don't Use Explorer

AOL was hacked today.

AOL Inc on Monday urged its tens of millions of email account holders to change their passwords and security questions after a cyber attack compromised about 2 percent of its accounts. The company said it was working with federal authorities to investigate the attack, in which hackers obtained email addresses, postal addresses, encrypted passwords and answers to security questions used to reset passwords. It said there was no indication that the encryption on that data had been broken. A company spokesman declined to say how many email accounts are registered on its system.

From AOL's blog:

AOL's investigation began immediately following a significant increase in the amount of spam appearing as "spoofed emails" from AOL Mail addresses. Spoofing is a tactic used by spammers to make it appear that the message is from an email user known to the recipient in order to trick the recipient into opening it. These emails do not originate from the sender's email or email service provider - the addresses are just edited to make them appear that way. AOL's investigation is still underway, however, we have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information.

RELATED: The federal government today urged Americans to suspend usage of Internet Explorer.

The U.S. and UK governments on Monday advised computer users to consider using alternatives to Microsoft Corp's Internet Explorer browser until the company fixes a security flaw that hackers used to launch attacks. The Internet Explorer bug, disclosed over the weekend, is the first high-profile computer threat to emerge since Microsoft stopped providing security updates for Windows XP earlier this month. That means PCs running the 13-year-old operating system will remain unprotected, even after Microsoft releases updates to defend against it.The Department of Homeland Security's U.S. Computer Emergency Readiness Team said in an advisory released on Monday that the vulnerability in versions 6 to 11 of Internet Explorer could lead to "the complete compromise" of an affected system.