
A SECRET dossier detailing plans for policing this summer’s London Olympics was left on a TRAIN.
A cop lost the file but a commuter found it and handed it to The Sun.
The shocking security blunder could have provided terrorists planning an attack with invaluable data.
A shamed senior cop has been carpeted.
The chief inspector in Scotland Yard’s Territorial Policing branch is said to be “hugely embarrassed” by the potentially serious blunder.
The dossier contained details that would have helped al-Qaeda terrorists mount a devastating attack on the Games in London this summer. “Restricted” files spell out security plans in place at the sites of events and provide minutes of top-level meetings where ways to beat terrorists were discussed.

Online shoe and clothing retailer Zappos.com has warned its users that it has suffered a massive data breach.
Up to 24 million customers may have been impacted by the security breach, which has forced the firm to reset the passwords of its customers.
According to the company, which is owned by Amazon.com, details stolen include names, email addresses, billing/shipping addresses, phone numbers, and the last four digits of customers’ credit card numbers.
In addition, password hashes were exposed.
So, you’ll have to change your Zappos password if you want to shop from the store again. And, actually, it would make sense to ensure that you are not using the same password anywhere else on the net.

Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called “an infestation” of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned.
At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college’s data security monitoring service detected an unusual pattern of computer traffic, flagging trouble.
It appeared at first that the problem was contained in a single computer lab at Cloud Hall on the Phelan Avenue campus, one of a dozen City College sites around the city. David Hotchkiss, the chief technology officer, immediately shut the lab down and reported the problem to Chancellor Don Griffin, General Counsel Scott Dickey and Board of Trustees President John Rizzo.
But a closer look revealed a far more nefarious situation, which had been lurking within the college’s electronic systems since 1999. For now, it’s still going on. So far, no cases of identity theft have been linked to the breach. That may change as the investigation continues, and college officials said they might need to bring in the FBI.
The college’s payroll, admissions and accounting systems have yet to be analyzed for the viruses.
Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/01/12/MN4Q1MO9JK.DTL#ixzz1jP3ObQQk

A top federal prosecutor has a message for companies: If you’ve been hacked, tell us.
Speaking at a cyber security conference in New York on Thursday, Manhattan U.S. Attorney Preet Bharara said companies should trust in the discretion of prosecutors and the FBI and come forward with information about a security breach, rather than keep it an internal secret.
“When industry delays or minimizes, it is harder to assess vulnerabilities and harder to formulate solutions,” Bharara said. “When industry delays unduly in disclosing to us, or minimizes, it is that much harder to get the bad guy.”
Cyber security experts say that corporations rarely acknowledge breaches, and often keep them secret from law enforcement out of fear that news of a compromise will damage their reputation, hurt stock prices and possibly lead to further attacks.
Bharara addressed that fear, calling it unacceptable in the face of increasingly virulent cyber attacks.
Trying to maintain secrecy was “the equivalent of sticking one’s head in the sand,” Bharara said. “Get over it.”

American and British politicians and defense and intelligence officials were among the victims of the hack attack on the website of think tank Strategic Forecasting (Stratfor) last Christmas Day.
A report on UK’s The Guardian said the security breach also exposed the data of North Atlantic Treaty Organization advisers.
The report said the private information exposed by the “hacktivists” included that of 221 British military officials and 242 NATO staff. Civil servants working at the heart of the UK government, including several in the Cabinet Office, as well as advisers to the Joint Intelligence Organisation, have also been exposed, the report said.
It noted the Joint Intelligence Organisation acts as the prime minister’s eyes and ears on sensitive information.
The Guardian report said the hackers are believed to be part of the Anonymous hacker group, which hacked into the account information of Stratfor.

Israel said on Saturday the online publication of thousands of its citizens’ credit card details by a hacker who says he is based in Saudi Arabia was comparable to terrorism, and promised to hit back.
The data theft, which appeared to focus on commercial websites, was one of the worst Israel has said it has faced.
While government officials and credit card companies said the financial damage was minimal, the breaches were welcomed by the Palestinian militant group Hamas and have heightened concerns about the potential use of stolen information by the Jewish state’s foes.
Such cyber-attacks are “a breach of sovereignty comparable to a terrorist operation, and must be treated as such”, Deputy Foreign Minister Danny Ayalon said in a speech, adding that Israel had not yet ruled out the possibility that the hacking had been carried out by a group “more organised and sophisticated … than a lone youth”.
“Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action,” he said, without elaborating.

The blueprints for security upgrades to the Kensington Palace apartment Prince William and Kate Middleton will soon call home have been made public, exposing the high-profile royal couple to potential security threats, royal and security experts say.
The planned, updated protection measures for the Duke and Duchess of Cambridge’s new home, which they plan to occupy next year, were made available for public viewing yesterday at the request of the local Kensington town council.
Members of the public can see the upgrades, said to include an “air lock” double-door system, advanced CCTV system, special pop-up bollards and spiked railings, at the Kensington town by showing just a passport or driver’s license photo identification.
The potential security breach comes the same week that a dead body was discovered on the grounds of the royal family’s vacation retreat at Sandringham Estate, just one mile from the home where Queen Elizabeth and Prince Philip are currently staying, and where Prince William and Kate joined them to celebrate Christmas.
“After the Queen, they are the most important members of the royal family,” Dickie Arbiter, former press secretary to the Queen, told ABC News, of Will and Kate.

Undercover police officers and recruits have repeatedly sneaked simulated bombs into high-profile District government buildings, including the John A. Wilson Building that houses the office of the mayor and council members, according to a newly released memo.
The memo, first obtained by the Service Workers Employees International Union through the Freedom of Information Act, outlines more than a dozen potential security breaches between July 2010 and June 2011.
In October 2010, recruits took “simulated cellphone bombs” past security officers manning the X-ray machine at two different entrances of the Wilson Building, the memo states.
In the same operation, recruits smuggled fake cellphone bombs into a city building on Fourth Street SW and One Judiciary Square, which houses several government agencies, including the Board of Elections and Ethics. A simulated pipe bomb also made it past security at Fourth Street SW.
Earlier this year, undercover agents used a simulated bomb hidden in a book to raise concerns about security at the Unified Communications Center, the city building on Fourth Street SW, and One Judiciary Square.

Ava Wong had her identity stolen in 2008. She spent the next year trying to get her financial life in order again.
So, she was upset to log into her RBC banking account last month and find someone else’s confidential information there.
“On Nov. 27, I discovered that all the line of credit statements belonging to a couple in Saskatoon had been linked to my client profile,” she said.
“I was able to see every statement belonging to their RBC Homeline Plan, starting from July 2007, when they first opened the account.”
She reported the incident to a senior account manager that day. On Nov. 30, she followed up to say she could still see the information.

Visa is investigating a potential security breach that may have compromised payment cards of Eastern Europeans.
Although Visa hasn’t disclosed which countries were hit, the Romanian state-owned CEC Bank has blocked and reissued 17,000 cards on suspicion that they had been compromised.
CEC Bank said in a statement that “a number” of cards issued by banks both in Romania and abroad might have been compromised via an international database.
Here’s an excerpt from the statement, translated into English from Romanian by v3.co.uk:
The bank has been informed that a number of cards issued by banks in Romania and abroad have been potentially compromised through an international database. CEC Bank has decided to block the cards and reissue a new card and PIN, at no cost, for a number of cards in its portfolio.
This attack did not target CEC Bank’s cards alone and was not due to any bank vulnerability. Our clients’ money is safe.

Last week we took a look at a few IT predictions for the year ahead, and this week we’re focusing specifically on threat forecasts from security vendors. They all agree that we should expect threats to grow in number, sophistication and damage potential. (Then again, would it make any sense for them to tell us, “Fear not, things are going to be just fine next year”?)
An eruption of mobile malware is widely expected in 2012, as cyber crooks become savvier about hiding malware in social media platforms. Professional criminal groups will find ever more insidious ways to take advantage of human nature online, and companies harboring vast amounts of concentrated data (cloud service providers, social networks, large enterprises) will be irresistible targets. Here is a quick overview of some of the specific predictions:
FortiGuard Labs: The research unit at Fortinet offers up eight network security trends for the year ahead, beginning with the first instances of ransomware on mobile devices. Mobile malware combined with social engineering tactics may prove irresistible to hackers, who can gain root access to infected devices and use it to hold the devices hostage. (I predict they will publicly release their predictions Dec. 13.)
Also in the mobile threat realm, FortiGuard Labs expects to see worms squirm their way into Android devices via SMS messages or social network posts with malicious links. Meanwhile, Android-based malware will become more complex and diverse, and next year it will witness its introduction to polymorphism, in which the malware mutates automatically, making it harder to detect and eliminate.

Sports equipment maker Adidas took some of its websites offline after a security breach.
Adidas said it became aware of a “sophisticated, criminal cyber-attack” on its various web sites on 3 November but the firm claimed it found no evidence that customers’ data had been stolen. Instead, Adidas said it took the web sites offline to protect its users.
Adidas issued a statement saying that it took the websites affected – adidas.com, reebok.com, micoach.com, adidas-group.com and various Ecommerce shops – offline as it undertakes a “thorough forensic review”.
Since Adidas uncovered the attack, it claims to have put in place additional security measures. The firm added, “nothing is more important to us than the privacy and security of our consumers’ personal data”.
While Adidas said that its preliminary investigation did not find any evidence of a data breach, that still leaves open the possibility that the attackers were simply better than average at covering their tracks. Adidas’ customers who have personal information stored on the firm’s servers will be eager to know what happened.
Adidas has since started to bring its various websites back online.