
News briefs: LulzSec head worked with FBI, Sony breached, and more

»Following his arrest in June for a number of high-profile hacks, Hector Monsegur, aka Sabu, continued to urge on his fellow hacktivists...while apparently in cahoots with the FBI to rat them out. When he was picked up by authorities, Monsegur was helping to lead LulzSec, an offshoot of Anonymous. According to the FBI, his statements helped law enforcement charge five other people with roles in hacks.

»A judge granted a request for a four-month extension of the operation of temporary DNS servers, allowing PCs infected with DNSChanger malware to stay connected to the internet until they are swept clean of the trojan, which disables anti-virus and software updates for users and redirects infected computers to malicious sites. The replacements for the rogue servers used in the malware distribution will not be disconnected for a few months, giving businesses and governments additional time to react to the infections. The FBI is currently seeking the extradition of six Estonian nationals linked to the attacks.

»Hackers ripped off an estimated 50,000 music files, involving Michael Jackson's entire back catalog, from Sony's internal music-sharing site. Discovered nearly one year ago through Sony's routine monitoring of social networking sites, the attack came to light only last month. Sony Music was in possession of the files after striking a deal with Jackson's family. While Sony has not confirmed the amount of music that was stolen or the artists whose work was involved in the attack, two suspects were reportedly arrested not long after the breach was detected.

»Eight Republican senators, led by John McCain, introduced cybersecurity legislation that would counter the bipartisan Cybersecurity Act of 2012 already under consideration. The new bill, known as the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology, or SECURE IT Act, would do away with the regulatory oversight bestowed by the bipartisan measure on the U.S. Department of Homeland Security and would instead rely on incentives to spur critical infrastructure operators to share threat intelligence data. Some critics, including the U.S. Chamber of Commerce, are worried the Cybersecurity Act will increase costs for businesses and strain resources without necessarily improving security. Proponents point to a recent string of high-profile data breaches as justification for regulations. However, under the SECURE IT Act, businesses would be incentivized, not forced, to collaborate. And the legislation creates a mechanism for sharing and receiving threat information via so-called “cybersecurity centers” within government.

»Until last year, lost and stolen laptops were to blame for the largest percentage of breach types. Now, hacking has claimed the top spot. Computer intrusion was responsible for 83 percent of the total reported exposed records in 2011, according to the year-end “Data Breach Intelligence” report from Risk Based Security, affiliated with the Open Security Foundation, which chronicles security incidents. Last year saw nearly 368 million records breached, the highest ever, and the all-time tally sits at 1.3 billion, according to the report. 2011 was aided by a number of massive breaches, namely the Sony PlayStation Network hack, which compromised some 77 million records.
