News briefs: Anonymous strikes again, Chinese hackers penetrate Morgan Stanley, FTC goes after spam operator and more
»The loosely affiliated hacker collective known as Anonymous defaced the website of the Westboro Baptist Church in Kansas, known for its extreme anti-gay stance, amid an ongoing feud. The site was defaced during a radio interview between Westboro spokeswoman Shirley Phelps-Roper and an Anonymous member. Anonymous said it infiltrated the website via an unnamed zero-day vulnerability.
»Chinese hackers who attacked systems at Google and Adobe also infiltrated global financial services firm Morgan Stanley, according to internal emails stolen from HBGary, a security firm that was working with the bank. The financial institution was one of those targeted in a series of coordinated attacks that have been dubbed Operation Aurora.
»A new banking trojan can keep online account sessions open after customers believe they have logged off, enabling criminals to surreptitiously steal money, researchers at security firm Trusteer warned. Eastern European cybercrooks are using the trojan, dubbed OddJob, to attack banking customers in the United States, Poland and Denmark. The malware hijacks victims' online banking sessions using their session ID tokens – unique identifiers assigned to a user who has logged into a website. OddJob is not as prevalent as other banking trojans like Zeus or SpyEye, but researchers believe it will become a greater threat as crooks refine it.
»In light of the former Egyptian regime's move to cut off internet access as a means to silence protesters, critics of a U.S. Senate proposal worry it would give the president similar authority in the United States. The Cybersecurity and Internet Freedom Act, introduced by Sens. Joe Lieberman, I-Conn.; Susan Collins, R-Maine; and Tom Carper, D-Del., is a revised version of a controversial bill that critics said would give the president the power to shut down the internet. The updated legislation contains language prohibiting such action, the senators said. Detractors argue that it still gives the government too much power.
»The Federal Trade Commission (FTC) asked a federal judge to shut down a spamming operation that sent millions of text messages advertising debt relief and loan modification services to U.S. consumers. The consumer protection agency normally brings complaints against email spammers, but this is the first such action against a junk mailer using SMS messages. The defendant, Phillip Flora of Huntington Beach, Calif., sent more than 5.5 million unsolicited text messages, sold consumers' wireless numbers to third parties and advertised his services, according to a complaint filed by the FTC.
»Less than a month after the dating site PlentyOfFish sustained a breach of customer data, rival eHarmony confirmed that a hacker gained access to its users' information. The intruder leveraged an SQL injection vulnerability on a secondary eHarmony advice site to obtain a file containing usernames, email addresses and hashed passwords. The advice site uses databases and web servers separate from those of the main eHarmony dating site, which was not affected. eHarmony said it closed the vulnerability and notified affected customers.
»Errata: Owing to a production error, on the Opinion page of the March issue (page 18), we spelled Jeff Nielsen's name incorrectly. Our apologies.