News briefs: South Carolina breach, MiniFlame and more
»The state of South Carolina suffered a massive breach after hackers stole 3.6 million Social Security numbers and 387,000 credit and debit card numbers of residents. The incident affected the state's Department of Revenue, and any person who filed a South Carolina tax return since 1998 was asked to monitor their credit reports for potential fraud. About 80 percent of the state's 4.5 million residents was impacted.
»Researchers at Kaspersky Lab detected MiniFlame, also dubbed SPE, an information-stealing backdoor that works independently, or as a module of Flame and Gauss. The malware was discovered on about 50 to 60 machines, with its central purpose being to zero in on high-profile targets pinpointed in Flame and Gauss espionage campaigns. MiniFlame's capabilities include capturing screenshots while victims run specific programs or applications or using USB drives to store data collected from infected machines, but which aren't connected to the internet.
»Barnes & Noble yanked PIN pads from all of its nearly 700 stores nationwide after discovering that scammers tampered with the devices at 63 locations to carry out card-skimming fraud. The company disconnected the point-of-sale devices in September, but waited until late October to notify customers of the breach, while the FBI began looking into the matter.
»Security researchers at RSA warned citizens that a sophisticated plan is being hatched online to raid the bank accounts of customers at some 30 banks in the United States. Based on an analysis of “underground chatter,” researchers determined that a Russian-speaking cyber gang is preparing to launch a large-scale attack in which fraudsters will infect victims' computers with a trojan similar to Gozi, enabling the swindlers to initiate unauthorized wire transfers by hijacking live banking sessions.
»A U.S. District Court judge in California absolved Sony of several charges levied against the electronics giant in a class-action suit that followed the 2011 breach of its PlayStation Network and on-demand entertainment service Qriocity. Claims against Sony, which include negligence, unjust enrichment and bailment, were dismissed in October. The April 2011 breach at Sony affected 77 million users, which eventually resulted in a class-action suit where complaints alleged that Sony protected its proprietary information, but failed to properly safeguard data related to its customers.
»British courts ruled that Gary McKinnon, who was accused of hacking computers belonging to NASA and the U.S. military, will not face extradition to the U.S. – an outcome McKinnon battled for years following his 2002 arrest. Britain's Home Secretary Theresa May withdrew the extradition order against him in October, citing that McKinnon suffered from Asperger's syndrome, a form of autism, and that extradition would put him at a high risk of committing suicide. McKinnon, 46, would have faced up to 60 years in prison if extradited to the United States, as he was accused of hacking into 97 computers belonging to the government, including those of NASA, the Pentagon, Air Force, Army and Navy. He allegedly deleted and accessed sensitive information on the computers from his London home between 2001 and 2002, costing the government $700,000 in damages.