Welcome to this year’s first Hack Hall of Shame. We started the year with a wave of hacktivism which saw both Anonymous and New World Hacking launching attacks against the likes of Donald Trump, and Saudi Arabian, Thai and Nigerian government websites.
But what other security threats made the news last month? Countdown with us the top ten hacks, attacks and vulnerabilities of January 2016.
A new hacktivist group emerges
The new year brought us a new hacktivist group that goes by the name of New World Hacking. On January 2, the group claimed responsibility for the attack on Donald Trump’s website, which was down for about an hour due to a DDoS attack. The group also claimed responsibility for an attack on the BBC website (including its iPlayer service) which lasted around 3 hours and which was executed on New Year ’s Eve. When contacted by ZDNet, a member of the group said that the attack on the BBC was just a test of their power. New World Hacking explained how their main targets are ISIS, and they will be working on unmasking its members, and stopping their propaganda.
Anonymous keep themselves busy
The hacktivist group Anonymous didn’t take any holidays this January and during the first week conducted a series of cyber-attacks on Saudi Arabian government websites as a protest over the execution of 47 people. It then attacked Thai police sites over the jailings of two Burmese migrants who were scapegoated in the murders of two British citizens, and later targeted Nigerian government websites citing ‘corruption, poverty and theft’ as their motives. Anonymous shifted their attention to more environmental matters, and on January 10, took responsibility for the attacks on two Nissan websites as a result of its ongoing OpWhales campaign which spreads awareness on the killings of whales and dolphins in Japan.
Scathing report shows Microsoft failed to warn hack victims
On New Year’s Eve, Microsoft was on the receiving end of a damning report by Microsoft experts who said that, years ago, thousands including international leaders of China’s Tibetan and Uighur minorities, amongst others, had their Hotmail accounts hacked by Chinese authorities. Microsoft decided not to notify the victims in this instance. When asked for a comment by Reuters, Microsoft said that “it would change its policy and in future tell its email customers when it suspects there has been a government hacking attempt.”
Jeremy Corbyn’s Twitter account hacked
Britian’s Opposition Leader had his Twitter account hacked on January 10 at around 9:00am (GMT) by a trickster who posted 4 messages. The hack didn’t really cause much harm as it was juvenile in nature but one particular tweet saying “davey cameron is a pie” did seem to delight Corbyn’s followers and received almost a thousand retweets.
Tech support scam points to Dell breach
On January 7, Ars Technica reported on a tech support scam which points to a Dell customer data breach. A website’s reader, identified as Joseph B said that “what made the calls interesting was that they had all the information about my computer; model number, serial number, and notably the last item I had called Dell technical support about (my optical drive).” Dell didn’t reply to Ars’ questions about whether their customer data had been compromised.
US Spy Chief pranked by teen hackers
On January 12, Motherboard released a story about Director of National Intelligence James Clapper being the target of a group of alleged teenage hackers known as “Crackas With Attitde.” “Cracka” a member of the hacking collective contacted Motherboard to let them know about the hack which consisted of breaking into Clapper’s home phone and internet, his email and his wife’s email. Cracka said he forwarded Clapper’s home phone to the Free Palestine Movement and explained how their hacking is a reaction to the current Palestine situation saying: “I just wanted the gov to know people aren’t fucking around, people know what they’re doing and people don’t agree #FreePalestine”
Hyatt names hotels hit by malware
On January 15, the Hyatt Hotel Chain released a list of hotel names whose customer payments systems were hit by malware between August and December last year. The list contains hotels in “Canada, the US, the UK, Jordan, Chile and Indonesia and involves almost half of its properties” according to the BBC, and the firm is offering one year’s free protection for those who used their cards in these hotels. For more information or to check eligibility click here.
LastPass susceptible to phishing attack
Security researcher Sean Cassidy revealed a phishing attack on LastPass in a blogpost calling the attack LostPass. He said an attacker would be able to “steal a LastPass user’s email, password, and even two-factor auth code, giving full access to all passwords and documents stored in LastPass.” He details the whole process in his blog and also provides a list of how to stay safe. Cassidy says you stay safe by ignoring notifications in the browser window, enabling IP restrictions if on a paid plan, disabling mobile logins, logging all logins and failures, and by informing your employees of this attack.
Melbourne hospital’s computer system is taken down by virus
A virus, which affected Melbourne Hospital’s core computer systems and personal computers, was discovered on January 15. According to ZDNet “the virus moved through the hospital’s systems over the weekend, and IT staff and security consultants have been working around the clock to isolate the problem.” It took the hospital a few days to clear the havoc caused by the virus but the hospital said that patient medical records have not been compromised.
Java bug also found in PayPal
A Java-based attack which researchers have been warning about for a year found itself to the company’s back-end system. According to PCWorld the bug would have allowed an attacker to “execute arbitrary commands on the server and potentially install a backdoor.” Paypal is said to have since fixed the vulnerability.