February was a relatively quiet month in terms of hacks, cyber-attacks and data breaches. Maybe it was a fluke of the extra leap day or maybe it’s just the calm before the storm. February also brought us The Malware Museum, a collection by Jason Scott of “malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers.” It really deserves an honorary mention in our Hack Hall of Shame as it gives the user the possibility to experience an 80s or 90s virus infection in complete safety. My personal favorite has to be what is probably one of the earliest forms of hacktivism.
So, are you ready to countdown with us the top hacks, attacks and vulnerabilities of February 2016?
Thousands of FBI and DHS employees’ details leaked
On February 7, Motherboard reported that around 30,000 records of FBI and Department of Homeland Security workers were at the risk of being leaked. By the next day, anonymous sources leaked the names, titles, email addresses, and phone numbers of 9,000 DHS employees and 20,000 FBI employees. Both dumps were accompanied by Pro-Palestine slogans. These leaks are the results of the hack on US Office of Personnel Management which happened ack in September 2015.
Linux Mint is hacked
Website and forum users of Linux Mint and anyone who downloaded a copy of the 17.3 Cinnamon edition over the weekend of February 19 were probably affected by the hack. In a blogpost posted on February 21, Clem Lefebvre confirmed the news saying that “Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.”
Anyone who installed the ISO from the Linux Mint website is urged to remove it and reinstall a clean version. Lefebvre also advised users to change all passwords to sensitive websites.
‘Error 53’ bricks the iPhone 6
Many iPhone 6 users were left fuming after receiving the ‘Error 53’ which came to light after some iPhone 6 owners updated to iOS9. Anyone who had his or her home button repaired by a third party reported the problem. The error renders the iPhone worthless and even though Apple knows about the problem, the company seems to have never made the consequences public. Whilst I know this isn’t really a hack or a cyber-attack as such, I believe something which renders a $700+ piece of hardware useless deserves a place in our Hack Hall of Shame.
Hollywood hospital brought down by ransomware attack demanding $3.6 million
Medical institutions keep getting attacked and this February a major Hollywood hospital – Hollywood Presbyterian Medical Center – was brought to its knees with a ransomware attack demanding 9,000 bitcoins ($3.6 million) on February 5.
Hackers attack hospital system in New Zealand
The LA hospital wasn’t the only one attacked in February. A New Zealand hospital – Whanganui District Health Board – was also the victim of a new variant of ransomware that goes by the name of “Locky.” The network system seems to have been infected through a Word document which encrypted the files stored and demanded a ransom. Experts at Forbes said Locky is being sent out by “Russia’s biggest cyber-criminal gang.”
Skype users hit by ads spreading malicious Angler exploit kit
A vulnerability which took the form of a malvertising campaign on Skype was discovered by researchers at F-Secure Labs. The campaign is said to have served poisoned ads that redirected to the Angler exploit kit which infected users with TeslaCrypt. The same campaign was found out to be serves on shopping sites, gaming forums and even on the Daily Mail in the UK.
Users of insurance site QuoteMeHappy.com were left fuming after receiving an email saying that some customer data might have been exposed to other customers due to a caching error. The company assured its customers that at no point could users change any details and that the information available amounted to “vehicle registration, email address, mobile number, landline number and address.”
Lousy Nissan LEAF security leaves cars open to online exploitation
The internet of insecure things strikes again, this time the victim is an electric car, specifically the Nissan Leaf. All you need to perform the attack is the car’s VIN (Vehicle Identification Number) which can easily be found on the car’s windscreen. If the owner has connected the mobile app to the car than anyone across the world can get information about car journeys and has the ability to start/stop the car.
Florists hit by targeted DDoS attacks in run-up to Valentine’s Day
In the run up to Valentine’s Day several florists’ websites fell victim to DDoS attacks. Security researchers at Imperva said they noticed an increased amount of bot traffic to these websites and in fact, one florist also received a ransom note.
Ringo Starr’s Twitter account hacked
Last month it was Jeremy Corbyn, this month it’s Ringo Starr to have fallen victim of a Twitter account take over. The hacker is said to be a Harry Styles hater since one of the tweets said “Being honest here, @Harry_Styles was a bit smelly.” The hacker didn’t really do any damage and since Starr has a tendency to end every tweet with Peace and Love together with a river of emoticons it was quickly apparent to fans what was happening. After regaining control of his account Ringo Starr changed his profile picture with a photo of him holding a sign saying “Not Afraid.”