cyber crime – Page 3 – Cyber Law Watch

Baseball team pays a big price for hacking

Feb 07 2017

You may not have followed this but the America’s Major League Baseball (MLB) St Louis Cardinals had an employee who accessed the Astros’ system around 60 times over two years, gaining access with a password similar to that used by a Cardinals colleague who left the club to work for the Astros in 2011. (Also a little lesson there about password management one would think.)

Anyway Correa was last year fined nearly USD280,000, and sentenced to 46 months in Federal prison. Enough said. Read More

Hackers to take the blame for Census?

Aug 10 2016

By Cameron Abbott and Rebecca Murray

The Australian Bureau of Statistics (ABS) says that the 2016 online census form was subject to “four Denial of Service attacks,” which prompted the ABS to shut down its Census website as a security precaution on Tuesday night. Read the ABS’s media release here.

While the ABS maintains that 2 million forms were successfully submitted and safely stored, thousands of Australians were prevented from taking part in the Census due to the website crash. The ABS has revealed that it believes that the attacks came from overseas and were a deliberate attempt to sabotage the census. However, we are wondering if the entire Australian population accessing the website at the same time might look like a Denial of Service attack in its own right! If ever a system should have been robust enough to cope with such an attack it was this one.

Attorney-General George Brandis has stated that the security measures in place were “more than sufficient to protect individual privacy” and that “the cyber security operations centre has been engaged overnight…and is investigating the matter.”

Malware attacks a Melbourne hospital’s outdated IT system

Jan 29 2016

By Cameron Abbott and Meg Aitken

Don’t say we (and Microsoft) didn’t warn you, a prominent Melbourne hospital’s IT system that runs on an outdated and unsupported Windows operating system, Microsoft XP, was hacked last week.

Microsoft recently activated the end-of-life phase for Windows 8, 9 and 10 and encouraged users to transition to the company’s supported operating systems in order to prevent security incidents. The same process was undertaken for Microsoft XP in 2014; however the hospital continued to use the platform in some departments.

The pathology department was the primary victim of the attack and staff were reportedly forced to manually process blood tissue and urine samples while the electronic system was compromised. Fortunately, highly sensitive patient information is not believed to have been accessed by the hackers.

It has been reported that the hospital is now expediting plans to upgrade its IT systems.

Access the media release here.

Complex ModPOS Malware Infects Point-of-Sale Terminals in Lead up to Christmas Spend Frenzy

Nov 30 2015

By Cameron Abbott and Meg Aitken

While the festive season approaches and retailers prepare for their busiest time of the year, a sophisticated form of point-of-sale malware, known as ‘ModPOS’, has reared its ugly head and is targeting payment terminals in the U.S.

It is estimated that the first ModPOS data hacks occurred in 2013 and that millions of credit and debit cards used at a broad variety of U.S. retailers have since been compromised. The unique complexity of the code, which experts say has never been seen before in malware, made it tricky to decipher.

Cyber security experts have warned that ModPOS has the ability to not only “scrape” credit and debit card numbers from the memory of point-of-sale terminals, but that the multifaceted code also records keystrokes of computer operators and transmits stolen data. If that isn’t enough, the malware is particularly difficult to detect and is reportedly capable of infiltrating despite security software and data controls.

More details about ModPOS malware can be found here.

Ashley Madison Hackers Release User Data

Aug 29 2015

By Cameron Abbott and Melanie Long

On 19 August 2015 the group known as ‘The Impact Team’, who a month earlier hacked into online affair website Ashley Madison, made good on its threat and released a “data dump” of Ashley Madison users’ personal information. A second and larger release of stolen data occurred 2 days later and appears to have included emails sent by Noel Biderman, Ashley Madison’s founder and CEO of parent company Avid Life Media.

Following the release of the stolen data, acting Australian Information Commissioner, Timothy Pilgrim, announced the launch of an investigation into the breach which is to be conducted in liaison with the Office of the Privacy Commissioner of Canada (where Avid Life Media is based). On 28 August 2015 Noel Biderman stepped down from his role as CEO of Avid Life Media.

Read the ABC news’ article in relation to the first data release here.

ABC news’ article relating to second data release can be found here.

The Office of the Australian Information Commissioner’s press release relating to its investigation can be found here.

Ashley Madison Data Security Breach

Jul 19 2015

By Cameron Abbott and Melanie Long

On 19 July 2015 the Avid Life Media dating website Ashley Madison, which is aimed at married people who want to have an affair, was hacked by a group known as ‘The Impact Team’. The Impact Team has threatened to release users’ profiles if Ashley Madison and other Avid Life Media websites such as Established Men and Cougar life are not shut down. The Impact Team claims to have stolen the details (including names, addresses, credit card numbers and personal sexual fantasies) of over 37 million users.

The story was broken by Brian Krebs, a former cyber crime writer for the Washington Post, on his blog ‘Krebs on Security’. A link to his article, which includes a statement made by Avid Life Media following the hack, can be found here.

Tag:cyber crime