» The FBI charged 14 people, mostly twenty-somethings, for their alleged involvement in a DDoS attack on the PayPal website in December. The hacktivist collective Anonymous issued a call to arms last year when corporate websites, including PayPal, cut ties with WikiLeaks after the whistleblower group published secret U.S. diplomatic cables, some of which embarrassed government agencies.
» Three hacker conventions converged on Las Vegas in early August, wowing crowds with cool exploits and lively conversations. The 15th annual Black Hat show included talks demonstrating how to remotely disable an insulin pump, hack a MacBook battery and start a car. Speakers also presented on browser, mobile and SCADA risks, among others. Black Hat also is home to the Pwnies, a lighthearted awards show that recognizes winners in dubious categories, such as “Most Epic Fail” (Sony) and “Most Epic 0wnage” (Stuxnet). The even more irreverent DefCon show, home to what is described as the world’s most hostile network, came next and included various competitions and panels, such as a candid discussion around the actions of Anonymous and LulzSec. The show also included sessions for children ages 8 to 16. Security B-Sides, a more informal conference that includes talks that didn’t make the Black Hat cut, also was held during the same week.
» As part of a new bug bounty program, Facebook will award researchers $500 or more if they privately divulge certain flaws that may “compromise the integrity or privacy of Facebook user data,” the company announced. To qualify for a bounty, security researchers must follow Facebook’s responsible disclosure policy, which states that the social networking giant must be given a “reasonable” amount of time to respond to the report before any information about the vulnerability is made public.
» The nonprofit Cloud Security Alliance (CSA) is planning to develop and maintain on its website a public registry documenting the security controls that exist in various cloud computing offerings. The repository, to be called CSA Security, Trust & Assurance Registry, will help cloud users assess the security of potential and existing providers. The registry builds on the group’s Consensus Assessments Initiative, a project launched to increase the transparency of cloud computing security controls.
» Police in the U.K. arrested the man they believe has been serving as the unofficial spokesperson for the hacktivist group LulzSec. The 19-year-old suspect, who uses the alias Topiary, was arrested in late July. Topiary is believed to be the person responsible for running the popular Twitter account belonging to LulzSec, a six-person hacking group that emerged in late May and proceeded to launch a series of assaults against a diverse group of organizations.
» Sony’s insurer is contesting any obligation to cover costs related to lawsuits filed over its massive PlayStation Network breach earlier this year. In a complaint filed with the state Supreme Court in New York, Zurich American Insurance Co. is seeking “declaratory relief” from having to defend and possibly compensate Sony over class-action lawsuits or state attorneys general actions filed in response to the breach. Zurich argues that it is not liable to indemnify Sony for these costs because its policy with the company only covers claims for bodily injury, property damage or personal and advertising injury.
» A Georgia man was sentenced to 10 years in prison after authorities found him in possession of more than 675,000 stolen credit card numbers that he used to conduct fraudulent transactions totaling more than $36 million. Rogelio Hackett Jr., 25, of Lithonia, Ga., obtained the data by hacking into networks belonging to businesses and downloading it from databases, or by purchasing it on carding forums. He pleaded guilty in April to one count each of access device fraud and aggravated identity theft. In addition to his prison term, Hackett was ordered to pay a $100,000 fine.