SEA Strikes Again
The middle of last week's information security news was dominated by the latest actions by the Syrian Electronic Army (SEA) who hit not only the New York Times, but also Twitter.
Neither is bulletproof and both have been hit in the past; most notably in February of this year when Twitter and the New York Times both suffered major attacks, with the latter tied to the APT1 activity uncovered by Mandiant.
In last week's incident, the SEA attacked the New York Times' domain name registrar, Melbourne IT, with the website first going down around 3pm and once service was restored, there were further disruptions. According to the New York Times CIO Marc Frons, the disruption affected the website well into Tuesday evening and was “the result of a malicious external attack.”
The New York Times also reported that Twitter's domain was being redirected, with the social networking site saying that the domain name records for one image server, twimg.com, were modified, affecting the viewing of images and photos for some users.
According to a report by The Guardian, the attack was directed at the Australian registrar, Melbourne IT, who separately confirmed that it had been the cause of the failure. It reported that the attackers were able to acquire the user login and password for a US-based reseller via a spear phishing email and then use that to change the registration details of the New York Times and Twitter so that they pointed to the servers of their choice.
China’s DoS
It was not just media who suffered hacking incidents last week though, with China reporting the biggest distributed denial-of-service attack on its .CN network, leading to a shutdown of IP addresses using China's top-level domain for up to four hours. Speaking to the Wall Street Journal CloudFlare CEO Matthew Prince said that his company saw a 32% drop in traffic for the thousands of Chinese domains on the company’s network during the attack period, compared with the same timeframe on Saturday.
According to a report by the BBC, the China Internet Network Information Center (CNNIC) apologised to the affected users and said it would "enhance the service capabilities" of the network responsible for the affected domains.
PRISM: The Next Chapter
In a continuation of one of the biggest stories of the year, v3 reported that the US National Security Agency (NSA) claims its agents only saw 0.00004 per cent of the world's web traffic while conducting their PRISM missions, while the Washington Post revealed that the NSA has its own group of elite hackers named “Tailored Access Operations” (TAO), who played a key part in collecting intelligence from mobile phones that were used by al-Qaeda operatives and other ‘persons of interest’ in the bin Laden hunt.
According to a profile by Matthew M. Aid for Foreign Policy, TAO is a highly secret but incredibly important NSA program that collects intelligence about foreign targets by hacking into their computers, stealing data and monitoring communications. Aid claimed that TAO is also responsible for developing programs that could destroy or damage foreign computers and networks via cyber-attacks if commanded to do so by the president, the Post speculated links to Stuxnet and Flame.
Facebook. Again.
Going back to social networking sites, it was a busy one for Facebook, as it was first revealed that Zuckerberg's project was not only the subject of 1,975 requests from UK authorities for data of 2,300 users. As reported by Infosecurity,a total of 68% of these requests for data were granted by Facebook; while its general counsel said that the information was released in order to prove that while it complied with the laws when required, it did not hand over data to the government whenever asked.
However the site has put itself into a fresh privacy spin with the news that it is thinking about adding profile pictures of every single one of its 1.1 billion users to a face recognition database, in order to be used in the “Tag Suggest” feature. As with most past Facebook privacy options, users who don’t want their pictures to be included will have to manually opt out of this process.
Finally the week didn't end well for Facebook either, with a judge's ruling that it must pay $20 million in compensation to five plaintiffs who alleged in 2011 that the website had used their likenesses in paid adverts without their approval. Sadly for any carpet baggers out there, Facebook users who believed that they had been affected by the sponsored stories had to complete an online claim form by 2nd May 2013, and according to a report by the BBC, approximately 614,000 claim forms were submitted, meaning successful claimants will receive $15 each.