News briefs: Anonymous strikes again, massive cyber fraud scheme busted, certificate authorities, and more»The Anonymous hacktivist collective struck again in late December, posting 200 GB of information on customers of security think tank Stratfor that it harvested from a hack of the company's servers.The group said the action was partly a response to the treatment of Bradley Manning, the U.S. Army intelligence analyst accused of downloading confidential files that became public when published by WikiLeaks.
»The Manhattan district attorney's office announced the indictments of 55 individuals charged as part of a massive cyber fraud scheme with stealing more than $2 million from Chase, TD Bank, Citibank, Discover and American Express. The crime ring also stole the identities of at least 200 individuals and organizations. Members relied on rogue insiders at banks and other businesses to steal the personal information belonging to customers, prosecutors said.»A consortium of certificate authorities (CAs) and software vendors released the first industry standard for the issuance and management of SSL certificates. The standard follows a series of embarrassing attacks in 2011 against CAs, or companies that sell the digital SSL or TLS certificates, which are used by websites to validate their identity to visitors. The guidance, released by the CA/Browser Forum, addresses CA security, privacy and confidentiality. The standard, set to go into effect on July 1,is not mandatory unless software vendors adopt and enforce it.
»Experts warned that a controversial anti-copyright bill making its way through Congress could have unintended consequences for internet security. The Stop Online Piracy Act is intended to fight music and movie piracy by allowing the government to block access to websites that contain pirated content. Those in the security industry said it would undermine efforts to bolster internet security through the implementation of DNSSEC, a set of extensions designed to provide authentication of DNS data.
»A Connecticut woman pleaded guilty to participating in an ATM skimming operation. Gabriella Graham, 21, of New Haven, helped produce cloned cards using details stolen from bank customers who used compromised ATMs. Prosecutors said members of the racket fitted skimming devices and PIN-reading cameras on cash machines at 11 banks and credit unions. In total, 250 accounts were victimized, resulting in losses of more than $336,000.
»Twitter, which recently acquired year-old Android security start-up Whisper Systems, announced it was making some of the company's open-source code publicly available on GitHub. The first code is for TextSecure, an encrypted SMS application for Android devices. Twitter expects to release all of Whisper's code as soon as it “meets legal requirements and is consumable by the open-source community.”
»The Federal Trade Commission (FTC) will partially reimburse some 300,000 people who fell victim to a scam in which they purchased rogue anti-virus products to fix problems that didn't exist. The money comes from an $8 million settlement between the FTC and several parties accused of spreading so-called scareware products, which are sold to consumers after they are made to believe their computers are infected with malware. The FTC expects to award each victim around $20, but it could be more depending on individual loss.
»GlobalSign, a Portsmouth, N.H.-based CA that briefly halted the issuance of SSL certs over fears it had been hacked, has determined its CA infrastructure was never compromised. Through its investigation, the company found no evidence of any bogus certificates being issued or customer data exposed. During its probe, GlobalSign did confirm that a “peripheral web server” – not connected to any CA systems – had been breached. During the attack, the SSL certificate and key for www.globalsign.com was compromised, and subsequently revoked.