Security & Privacy

Chase denies hack behind sudden account drains

JP Morgan Chase denied this evening that it had suffered a hack that many customers claimed had suddenly reduced their checking account balances to zero.

After discovering the apparently empty accounts via the Internet or mobile devices, many Chase banking customers turned to Twitter to express their frustration and show screen shots of zero balances. Other users were greeted with messages that their bank account balances were unavailable.

But a spokesperson for the bank told CNET this evening that the problem was related to an internal issue and not a security breach.

"We have a technology problem regarding customers' … Read more

What 420,000 insecure devices reveal about Web security

A researcher used a simple, binary technique to take control of more than 420,000 insecure devices including Webcams, routers, and printers running on the Internet -- and says that's just a hint of the potential for real trouble to get started.

In a SecLists posting yesterday, the unnamed researcher describes how he was able to take control of open, embedded devices on the Internet. The researcher did so by using either empty or default credentials such as "root:root" or "admin:admin", indicating how a surprisingly large number of devices connected to the Web … Read more

Two charged in theft of $40K from hacked Subway keypads

Two California men have been indicted for allegedly hacking point-of-sale terminals at Subway shops to steal at least $40,000.

Prosecutors accused Shahin Abdollahi, aka "Sean Holdt," and Jeffrey Thomas Wilkinson of hacking at least 13 point-of-sale (POS) terminals to install software that fraudulently loaded at least $40,000 onto Subway gift cards, according to an indictment unsealed in Boston on Friday (see below). The pair then allegedly used the cards to make purchases at Subway shops and sold them on eBay and Craigslist.

Abdollahi owned a Subway franchise in Southern California from 2005 to 2008 and later … Read more

Security reporter hit by 'swatting' attack

"Swatting" is what you do to a fly that's buzzing around your head. But when that fly is respected security reporter Brian Krebs, swatting is what you do to him when you want to scare him and possibly cause him serious physical harm.

As recounted by Ars Technica this morning and later today by Krebs himself, the reporter was at home and cleaning his house when he opened his front door to come face-to-barrel with at least three guns, including a shotgun, handgun, and semiautomatic rifle; numerous police officers; and a half dozen police cars.

The term &… Read more

Cyberthreats a top topic in Obama's call with Chinese president

President Barack Obama had a digital agenda in his call to new Chinese President Xi Jinping congratulating him on his new position, according to a new report.

According to The New York Times, Obama and his Chinese counterpart spoke quite a bit about cyberattacks and their impact on each other's nations. The Times, which obtained the information from White House officials, didn't specifically say what was said during the conversation. But the fact that the presidents are having an open discussion on cyberattacks indicates just how far the issue has gone.

For years now, both China and the … Read more

Reuters editor indicted on Anonymous conspiracy charge

When Matthew Keys allegedly handed over the passwords of his former employer to members of the hacker group Anonymous a couple of years ago, he probably didn't think it would lead to an indictment.

However, the U.S. Department of Justice announced today that Keys was being indicted on three counts: conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer, and attempted transmission of information to damage a protected computer.

Keys, 26, currently works as a deputy social media editor at Reuters but used to be a Web producer for the Tribune … Read more

Obama hosts meeting on cybersecurity with CEOs

President Barack Obama met with 13 chief executives yesterday to dig deeper into cybersecurity.

According to The New York Times, which first reported on the meeting, the discussion took place in the White House Situation Room and was a "two-way" exchange of information between the president and the chief executives.

AT&T CEO Randall Stephenson, along with chief executives at Exxon Mobil, Bank of America, and JPMorgan Chase, were all in attendance, according to the Times.

Over the last several weeks, a slew of companies has been hit with cyberattacks. Online banking sites have also been targeted. … Read more

Doctors 'used fake fingers' to clock in for colleagues at ER

I feel sure this story might be an inspiration to some, especially those who enjoy showing solidarity for their fellow worker.

For it seems that several doctors in Sao Paulo, Brazil, decided there was a way to fool the biometric scanners on which they clocked in with their fingers.

They allegedly created more fingers. Fake ones, out of silicone.

As AFP reports, an investigation by Globo television showed a doctor using the fake fingers to fool the machines.

The machines dutifully printed out a paper record of a doctor's attendance, when he or she wasn't actually there.… Read more

Google rolls out initiative to help hacked sites

It's not pretty when a Web site gets a "this site may be compromised" or "this site may harm your computer" status note. Many webmasters and Web site owners can be at a loss of what to do in these situations.

For this reason, Google has launched "Help for Hacked Sites" informational series, which has a dozen articles and videos aimed to help people avoid having their sites hacked and also teach them how to gain back control of compromised sites.

"Every day, cybercriminals compromise thousands of websites. Hacks are often invisible … Read more