From Protection of the Department of Energy’s Unclassified Sensitive Electronic Information, DOE/IG-0818: The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special…
Category: Of Note
Three indicted for hacking Heartland, 7-Eleven, and Hannaford; Over 130 million credit and debit card numbers stolen
An indictment [pdf] was returned today against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history, announced Acting U.S. Attorney Ralph J. Marra, Jr., along with Assistant Attorney General of the Criminal Division Lanny A. Breuer and United States Secret Service…
Hacker used Twitter to control infected PCs
Twitter’s been having a rough couple of weeks. A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil. Networks of infected PCs are referred to…
An open letter to Heartland CEO Robert Carr
Rich Mogull of Securosis joins Mike Rothman in taking Heartland Payment Systems CEO Bob Carr to task for his comments that seemed to shift responsibility for the breach to the assessors who told them they were PCI-compliant: […] PCI compliance means you are compliant at a point in time, not secure for an indefinite future….
Aussie accused of using malware to steal bank details
An Australian has been charged with infecting 3000 computers worldwide with viruses designed to capture banking details. The 20-year-old from Adelaide is also suspected of having developed software capable of launching virus attacks on 74,000 computers worldwide. […] The man has been charged with offences including unauthorised modification of computer data, supply and possession of…
Eight million gamers suffered from computer virus
A destructive computer virus invented by a group of 11 people stole and sold the personal details of more than eight million gamers, a Xuzhou court was told. The virus called Wenrou had attacked more than 1,200 websites, seriously damaged the operation of more than 40 online games and contributed to half of all thefts…