Posts Tagged ‘hacking’
August 30th, 2011
If you have ever been hacked, you will know the sense of powerlessness that this assault brings. And with it, a desire to avoid that feeling again at all costs. On the personal level, it is destructive enough, but at the corporate level, the outcomes are usually disastrous, both financially and in terms of reputation.
The war with professional hackers is escalating and it is truth that the terrain has shifted from the sociopathic individual or small groups to well-organised, commercially-focused criminal units that employ a rapidly-evolving arsenal to breach corporate network defences.
Image: A1 Enterprise
The latest in this armoury was highlighted by TechTarget’s security wing – the Ramnit worm variant. Robert Westervelt wrote an incisive article, published last Thursday that exposed the threat to banks across the world.
The Ramnit worm was, until recently, seen as a low-level malware threat but Robert identified how cyber gangs behind the worm have transformed it into financial-focused malware capable of draining bank accounts, using what may be bits and pieces of the publicly-available Zeus malcode to make it more effective.
Ramnit has been around for just over a year and was used to infect Microsoft Windows executable files. After infection, the malware stole saved FTP credentials and browser cookies.
But researchers at Trusteer, a Boston desktop security vendor have identified a new attack method built into the Ramnit worm.
This new strand of malicious code may well emanate from the Zeus Trojan family and it supports ‘man-in-the-browser’ attacks, allowing criminals to bypass two-factor authentication, modify Web pages and covertly insert banking transactions.
We know that the Zeus Trojan family can have serious consequences. A little more than a year ago, an unnamed UK financial institution was the victim of a Zeus Trojan. The gang leading the attack stole £675,000.
We don’t know yet whether the Ramnit variant has been used to attack corporates in the wild but the seriousness of the threat is clear – the malware can syphon off bank accounts but stay invisible to users and host applications.
What is also very clear is that this variant and others like it, can be evolved rapidly, which should give corporates serious pause for thought in their network security operations.
November 15th, 2007
I worked for teenage virtual world Habbo Hotel in its early start-up days, and was fascinated to read this morning that police in the Netherlands have arrested a 17 year-old suspected of stealing virtual objects from other Habbos.
It is believed to be the first time European officers have arrested someone for stealing virtual property. According to reports, five other teenagers are also being questioned over the theft, which is thought to have netted items worth around €4,000 (£2,800).
Hackers and thiefs (known as scammers) have been an ongoing problem for Habbo Hotel, and the community’s success has to a large extent rested on its ability to both technically and manually deal with these trouble makers.
Sulake, the Finnish company behind Habbo Hotel, has always taken a firm approach to anyone trying to damage the user experience, as for one, its community is largely made-up of children and teens. But it amazes me that it’s taken more than five years for Europen police to come up to speed on dealing with an issue like this. Virtual property laws in the UK have to date been largely untested (well as far as I’m aware).
As the internet infiltrates more and more of our daily lives, it’s crucial that offline laws are equally as applicable online. Let’s hope the Habbo example goes down in case history.
P.S. The image at the top is my old room in Habbo Hotel ‘newsbox’!