Who Will Be Next Victim in Breach and Hacks? Nintendo Joins List Including Google, RSA Security, PBS, Lockheed Martin, Sony

Although we are only halfway through the year, 2011 may be best remembered as the year of spectacular hacking and breaches. The headlines this year are full of well-known brands being attacked. From the RSA Security breach earlier this year, to news that Lockheed Martin had been compromised, to Google admitting that Gmail hackers have targeted U.S. government and military personnel, there is no shortage of news on the subject of hacking.

While Google is pointing an accusing finger at China, which China denies, others are wondering why government personnel have Gmail accounts at all. In a Friday post, Sharon Gaudin asks that very question and quotes Brad Shimmin, an analyst with Current Analysis, who says Google has been “pushing hard to get government agencies - all the way from small and local to big, federal organizations - to move to Google Apps.” The article goes on to offer more possible reasons for having the accounts.

But Google, while perhaps the most well-covered, is not alone in its troubles. Hotmail and Yahoo! Mail have also reported being targeted. These phishers are very exacting, moving from spear-phishing (the targeting of a specific organization) to possible whaling (the targeting of a particular person). A number of blogs have offered possible reasons behind the attacks – I found the account by Nart Villeneuve of Trend Micro interesting reading.

Also, don’t miss last week’s “How to Stop Your Gmail Account Being Hacked” by Graham Cluley, senior technology consultant with Sophos, in which he suggests steps to reduce the chances of your Gmail account being hacked:

  • Set up two-step verification
  • Check if your Gmail messages are being forwarded without your permission
  • Where is your Gmail account being accessed from?
  • Choose a unique, hard-to-crack password
  • Secure your computer
  • Why are you using Gmail anyway?

Meanwhile, Lulz Security (or LulzSec) is loud and proud of its recent exploits – which include compromising PBS’s website and posting a story that Tupac Shakur is “alive and well,” as well as infiltrating servers at Sony Pictures. The group is also taking credit for replacing the homepage of an FBI partner (InfraGard) with a YouTube joke video and publishing an internal configuration file for one of Nintendo’s U.S. servers.

In the case of InfraGard, according to reports, “The server’s user database was apparently not properly protected. LulzSec published the personal data of 180 InfraGard members and a number of passwords in plain text. They also made 700 MB of emails available as a torrent download.”

Further, the group tested the InfraGard user database and found that many of the passwords were being reused on other websites, making the payload even sweeter.

In the case of Sony, LulzSec compromised millions of user records, gaining access to names, passwords, email addresses, birth dates and home addresses. After the multiple attacks, Sony’s brand is reeling amid questions of poor data management.

In the wake of last week’s PBS hack, Chester Wisniewski, a senior security advisor at Sophos Canada, wrote in a blog post, “Whether you are related to political causes or not, an easy way to ensure you aren’t the next victim is to make sure that you protect the information you are entrusted with. Data stored insecurely is a bomb waiting to detonate. Security must be a proactive attitude because reacting is simply too dangerous.”

Hear, hear.