Defense in Depth

November 5, 2008 11:46 AM PST

Campaign PCs of Obama, McCain cyberattacked

by Robert Vamosi

Last summer, Sen. Barack Obama's presidential-campaign computers came under cyberattack from an "unknown entity." His machines weren't alone; John McCain's computers were also attacked, according to a report appearing Wednesday on the site of Newsweek magazine.

The Obama attack was initially thought to be a piece of malware downloaded from a phishing site. Newsweek reports that "the next day, both the FBI and the Secret Service came to the campaign with an ominous warning: 'You have a problem way bigger than what you understand,' an agent told them. 'You have been compromised, and a serious amount of files have been loaded off your system.'"

The McCain campaign's computer system was also compromised over the summer. Newsweek confirmed with a top McCain official that the FBI had become involved. A federal investigation into both attacks is under way.

According to Newsweek Editor at Large Evan Thomas, the FBI and White House officials told the Obama campaign that a foreign entity or organization was likely responsible, not political opponents. Independently, Obama technical experts have speculated that the hackers were Russian or Chinese. The files accessed appear to be policy-related and thus potentially useful in future negotiations with a new presidential administration.

Earlier this year, during the primaries, an online prank had the Obama campaign site redirected to Sen. Hillary Clinton's campaign site.

The Newsweek report is part of a special edition that will be on newsstands November 6 through 16, and online November 5 through 7.

May 16, 2008 1:15 PM PDT

PayPal XSS vulnerability affects EV SSL

by Robert Vamosi

A new attack on PayPal could have led users who thought they were on a trusted page to a fraudulent page, possibly exposing personal information. On Friday, Finnish researcher Harry Sintonen reported the vulnerability in an IRC chat room.

In an interview with Netcraft, Sintonen said the issue was critical. "You could easily steal credentials." He added that in this case you can't trust the URL http://www.paypal.com.

A few weeks ago PayPal announced it would block users whose browsers did not support EV SSL. Sintonen, who is credited with finding an XSS attack on Barack Obama's Web site in April, said his vulnerability also affected EV SSL pages.

In response, a PayPal representative said: "At PayPal, we take safety and security very seriously. As soon as we were informed of this exploit, we began working very quickly to shut it down. To our knowledge, this exploit was not used in any phishing attacks.

"However, as in any phishing incident, we encourage our customers to contact us immediately if they believe they have given out any personal or financial information that would jeopardize the security of their accounts or lead to unauthorized account access. If an unauthorized withdrawal or purchase is made on a PayPal account, PayPal will reimburse that customer 100 percent. We encourage all of our customers to frequently check the status of their accounts to ensure security."

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
