On Monday morning this time of year, I can count on two things – there will be new US College Football rankings, and there will be some new “cyber” breaches and defacements. As for football, it was kind of boring – blah blah blah Alabama blah blah Nick Saban doesn’t deserve it blah blah… In contrast, the information security news certainly wasn’t boring – this was a busy weekend for cyber attack news!
Here are my quick thoughts on a few of the more visible events:
- “Hacktivists” claim to have stolen 28,000 passwords from PayPal – We all know attribution is sketchy (at best) but someone claiming to be Anonymous claims to have stolen almost 28,000 user credentials from PayPal this weekend. PayPal says they haven’t found evidence that their data has actually been breached, but this could be a big deal. After all, this is PayPal, which means money is involved. I’m so glad I bought one of the PayPal tokens and attached it to my account last year – if you aren’t using multi-factor authentication for PayPal, now is the time – they have soft tokens using your smartphone, as well.
- NBC Sites Defaced for Guy Fawkes Day – In case you didn’t know, today is Guy Fawkes Night in the UK so there will be a lot of froth (the masks seen in “V for Vendetta” are Guy Fawkes masks, in case you haven’t heard). This attack defaced NBC’s main web page and portions of its main web site for several hours, along with NBC’s portal sites for Saturday Night Live, Late Night with Jimmy Fallon, and The Tonight Show with Jay Leno. Defacements are annoying, of course, but there are also (unverified) claims that the attackers stole user names and passwords from the NBC site. We’ll see… theft of NBC.com credentials could be inconvenient, embarrassing, etc. but it’s unlikely we’ll see any direct financial loss to site users from this.
- VMware kernel source code stolen and leaked – This is one to watch, because we don’t yet know how (or whether) it can be leveraged to attack production VMware installations. This seems to be an older version of the source, but since it is kernel code (very deep, low-level functionality) it is possible that a fair percentage of the code is either still in use, or is very similar to current source code. This is another one that is claimed by “Anonymous” which, of course, means very little other than it is likely someone with an anti-corporate agenda. As we know, Anonymous is a highly-visible banner for anyone who wants to claim they are part of it.
- [Update – 12:35pm Pacific time, 5 November] Anonymous is threatening Zynga and Facebook – This one hasn’t happened yet, but it is getting a lot of hype so I’ll be watching it closely. For now, let’s break it down…
  - First, the rumor of Anonymous “taking down Facebook” has been floating around for weeks. Not surprising, as Facebook is such a public target. Anonymous has been denying this via their Anonymous Press Twitter feed, but the rumors persist.
  - More recently, this has swollen to encompass Zynga (maker of Farmville, Words With Friends, and a bunch of other addictive games). Seems word of Zynga possibly laying off a bunch of employees was leaked a few weeks ago, and Anonymous didn’t like it; then Zynga actually confirmed the layoffs about 10 days ago. Seems like a “normal” business event to me, since they over-hired (or underperformed) and needed to “right-size” their workforce. In that environment, it feels like a “lay some people off now, or end up laying everyone off in a little while” choice – not fun, but necessary. Apparently, Anonymous does not like sustainable business or something.
This is only scratching the surface, and some of the information you’ll see is either very vague and unsubstantiated, or outright bogative. We’ll likely see a lot more traffic around this in the coming days – both real and imagined – due to the Anonymous+Occupy+Guy_Fawkes formula and the hacktivists who’ll be glomming on to this meme. Just make sure you don’t wear a mask to the protests in Canada…
For a more comprehensive running total, you may want to take an occasional look at sources like Violet Blue’s run-down of November 5th-related incidents, and even Anonymous Press’s Twitter feed.
What is your company doing – if anything – in response to all of this?