Cosmetic surgery files hacked

Details of 500,000 people stolen and used in blackmail attempt

  • Information submitted to Harley Medical Group accessed by hackers
  • Security breach bid to blackmail high end cosmetic surgery firm
  • ‘Russian hackers behind the breach’, it has been reported
Harley Medical Group

Harley Medical Group

One of Britain’s best-known and biggest providers of private cosmetic surgery has been targeted by computer hackers, it was revealed last night.

Confidential personal details of nearly 500,000 people who made an enquiry about surgery via Harley Medical Group’s website were stolen in an apparent bid to blackmail the company.

Patients interested in surgery are asked to fill in an online form ahead of an appointment, with details including phone numbers, email address and date of birth.

That personal information was accessed and stolen in a security breach, the firm admitted in a letter to patients posted online.

The company carries out a range of cosmetic surgery from breast augmentations and reductions to facelifts and tummy tucks. It boasts to potential customers on its website: ‘Our No 1 goal is to look after you.’

But Peter Boddy, chairman of the company that is based in Thames Ditton, Surrey, and has 31 clinics nationwide, was forced to write to clients apologising for the security breach.

He reassured them that ‘clinical and financial information has not been compromised’.

Mr Boddy wrote: ‘We recently became aware that an unknown individual had deliberately bypassed our website security, gaining access to information from initial website enquiries in an attempt to extort money from the company.’

Later, Harley Medical Group posted on Twitter: ‘We’re sorry details of initial enquiries have been accessed illegally and assure clinical and financial information is secure.’

The company said that it had improved its security.

Last night The Sun reported that Russian hackers were responsible.

They claimed the crooks struck last month using a Russian email address to try and extort money from the firm and that stars of The Only Way is Essex, were among customers whose details were accessed.

No one from Harley Medical Group was last night available to comment.
Source :

About these ads

Heartbleed hackers steal encryption keys in threat test

The Heartbleed Bug is the latest computer security scare.  This software information leak may grant hackers access to your banking information, e-mail accounts, and other personal information.

Its name comes from the term, “heartbeat extension.”  This is used in software to check that a connection between two servers is live.  Unfortunately, there is a flaw in this heartbeat code.  For us, this means our personal information may be at risk.

“For the individual worst case scenario is using a small town bank that does not fix this vulnerability, logging into the banking site and the attacker getting the keys to that encrypted connection and stealing the password.  That would give them access to all their accounts,” said Will Spencer, Missouri State University’s Information Security Officer.

Spencer said about 30% of internet sites still had this vulnerability as of last week.

“We see a lot of smaller organizations who do not have security staff and do not have resources to patch this bug,” said Spencer.

Your personal information on these websites is accessible to hackers.

“They can compromise information which means take your personal identity, credit card information, whatever they can find,” explained Spencer.

Many big companies like Google, Yahoo, Facebook, and Springfield City Utilities have fixed the problem.

Joel Alexander with Springfield City Utilities confirmed this.

“Almost immediately from finding out that there might be an issue with this software problem we took the necessary steps to be proactive with it,” explained Alexander.

“There are resources on the internet where you can check on a website and they can tell you if it’s been fixed,” said Spencer.

You can go to this “Heartbleed Test” website to see if a site you use is affected by the bug.  Just type the name of the site and you’ll see if it’s safe.

If you use Gmail, Yahoo, or Facebook and you are wondering if you should change your password, Spencer said, “Absolutely! It’s never a bad idea to change your password.”

Spencer said no individuals have lost information at this time.  However, the problem is that we cannot tell right away if hackers have hold of our information.

“And we’re never going to know until it’s too late,” added Spencer.

Spencer also recommended logging out of websites every time you are finished.  He said don’t be surprised if you see an email from a company like Google or Yahoo requesting that you change your password.

Source :

Microsoft: documents were stolen during recent employee email hack


Recent phishing attack targets select Microsoft employees

Recent phishing attack targets select Microsoft employees

It hasn’t been a pleasant start to 2014 so far for Microsoft: the Redmond-based company has been under attack from the Syrian Electronic Army across its email, social media and website systems. Now Microsoft has confirmed in a blog post that documents “associated with law enforcement inquiries” have been stolen as well.

It would seem that Microsoft’s announcement is designed to preempt any leaking of these documents by the SEA or other organizations that have got their hands on them. The blog post states: “Out of regard for the privacy of our employees and customers — as well as the sensitivity of law enforcement inquiries — we will not comment on the validity of any stolen emails or documents.”

As yet it doesn’t appear that any customer or user information was involved in the smash-and-grab, but Microsoft isn’t ruling it out either: “If we find that customer information related to those requests has been compromised, we will take appropriate action.”

“In terms of the cyberattack, we continue to further strengthen our security,” continues the post, penned by Adrienne Hall of Microsoft’s Trustworthy Computing Group. “This includes ongoing employee education and guidance activities, additional reviews of technologies in place to manage social media properties, and process improvements based on the findings of our internal investigation.”

To date, Microsoft’s woes at the hands of the SEA have included unauthorized blog posts, Twitter account hijacks and phishing attempts targeted at company employees. Adrienne Hall and her colleagues will be hoping for an easier ride for the rest of the year.

Read more: Digital Trends

Pune-based global hacker Amit Vikram Tiwari arrested

In what is being termed as the biggest international hacking scandal, possibly involving corporates, associations and big individuals, coordinated raids were conducted by investigative agencies in India, China and Romania, on the basis of intelligence from Federal Bureau of Investigation about the “organised hacking” happening in three countries and others. In India, the Central Bureau of Investigation conducted raids at four places including Mumbai, Pune and Ghaziabad and arrested the alleged mastermind hacker in India – Amit Vikram Tiwari (31), son of a former army colonel, said sources.

Interestingly, the controversial cricket league – Indian Premier League – is back in news again with the hacking scandal. According to highly placed sources, people connected to the IPL had approached Tiwari for hacking into the some accounts but they reportedly had a dispute over money after which work was not reportedly completed. CBI is investigating the IPL connection with the hacking. Officials refused to divulge details but hinted that some people associated with the tournament wanted high-level hacking done.

The primary investigations have revealed that corporates, individuals and even companies – “the clients” – had approached the hackers either for marriage disputes related issues or commercial purposes, which sources described as “corporate rivalry”.

It is suspected that Amit Vikram Tiwari is main hacker in India but he was in touch with people abroad and master-hackers are based somewhere else. Sources also said that most of clients who approached Tiwari for hacking into email accounts and websites were foreigners. All possibilities — national security, corporate hacking, financial fraud and hacking into government departments and secret units, are being probed by CBI in coordination with FBI.

Officials say that 900 email accounts were hacked between February 2011 and February 2013 by international hackers including Tiwari and 171 accounts out of these belonged to Indians. “It has been alleged that a number of internet websites advertised that the website operators could get access to e-mail account in exchange for a fee varying from $250 to $500. The customers desirous to get unauthorized access, submitted e-mail accounts to these websites. Upon receipt of the order, as well as the e-mail addresses, the website operators gained access to such e-mail accounts and sent a proof of such access to the customers. On receipt of payment from Customers these website operators shared the password with the customers,” said CBI Spokesperson Kanchan Prasad. CBI has booked Tiwari and unknown hackers for criminal conspiracy, theft of information and Section 66 of Information Technology Act.

Sources say that payments were being received by hackers through western union money transfer and web-payment portal

What has baffled investigators is that FBI tracking the scandal. It is being suspected that some accounts related to United States government and big corporates there were also hacked after which FBI tracked the hosting sites, used for hacking, in India, China and Romania. In India, Tiwari and his fellow hackers were using two primary websites – and from Pune.

CBI Director Ranjit Sinha said that this was part of an international law enforcement operation and CBI had registered two FIRs against suspect operators of hacking websites. “The operation is product of an international investigation coordinated by Federal Bureau of Investigation, Department of Combating Organised Crime (DCCO) of Romania, CBI and the Ministry of Public Security (MPS) of China and raids in three countries were carried out simultaneously,” said Sinha.

The FBI officials had been reportedly having regular meetings with CBI in New Delhi over past few months and a preliminary enquiry was registered last month itself and it was decided that coordinated raids would be conducted in all the countries. FBI has launched major operation against hackers located globally last year as part of which Romanian authorities have arrested a hacker known as ‘Guccifer’ on Thursday who was infamous for hacking into accounts of powerful leaders. It is alleged that Guccifer leaked online Colin Powell’s personal emails, an unreleased script of Downton Abbey, and the paintings of George W Bush.

CBI sources say they had no information about arrests made in Romania and China as it was the domain of authorities in those countries and it was only concerned with the probe in India.

CBI officials, after arresting Tiwari from Pune, were bringing him to Delhi for interrogation. He has initially given some inputs about his clients and people whose accounts were hacked. Agency has recovered his computers, laptop and hard-drives for retrieving the data.

Sources say that Tiwari, who had reportedly done his engineering from Pune, had been arrested in 2003 as well for trying to defraud a Mumbai based credit card processing company. Mumbai Police had arrested him for the scandal.

Source : TOI

Millions of email accounts, passwords stolen by hackers

The passwords and other details of 16 million email users in Germany have been stolen, the country’s security agency has revealed.

Millions of email accounts, passwords stolen by hackers

Millions of email accounts, passwords stolen by hackers

Researchers and prosecutors stumbled upon the hacked accounts while conducting research on a botnet, a network of computers infected with malware.

Germany’s Federal Office for Information Security (BSI) has created a website to help people find out whether or not their e-mail was among those hacked. The site temporarily crashed on Tuesday due to heavy traffic. Users who submit their email address to the website will be sent an message if their account has been compromised.

“If that happens, then your computer is most likely infected with malware,” Tim Griese, with the Federal Office for Information Security, told the news agency DPA.

Authorities have not released information on who stole the e-mail accounts.

Vietnamese hackers target EFF staffers, journalist in phishing attack

On December 20th, 2013, two EFF staffers received an email from “Andrew Oxfam,” inviting them to an “Asia Conference,” and inviting them to click on a pair of links which were supposed to contain information about the conference and the invitation itself. These links were especially suspicious because they were not hosted on Oxfam’s domain, but instead directed the invitee to a page hosted on Google Drive, seen below. In addition, this email contained two attachments purporting to be invitations to the conference.

The Electronic Frontier Foundation has published details of an attempted malware attack on two of its employees by a group of hackers associated with the Vietnamese government. The hacker group, known as Sinh Tử Lệnh, has targeted Vietnamese dissidents and bloggers in the past; it now appears that the campaign has been extended to attacks on US activists and journalists who publish information seen as critical of the Vietnamese government.

The Vietnamese government has gone after bloggers in its own country before, and as of last year it had jailed 18 independent journalists—bloggers being the only journalists in the country not affiliated with state-run media. And since 2009, the hacker group has taken that campaign beyond Vietnam’s borders, targeting members of the Vietnamese diaspora critical of the Hanoi regime.

In December, two staff members of the EFF received e-mails from someone claiming to be from Oxfam International, inviting them to “Asia Conference.” The e-mail, from a Gmail address for “Andrew Oxfam,” appeared to have been sent to a list and included links to two documents that appeared to be information on the conference shared over Google Drive.

But both links were actually to the same HTML application—one that wrote a Microsoft Word document and a Windows executable onto the users’ local drive. When either file was opened, the dropped package installed some malware and made changes to the Windows registry. One of the installed files is integrated into the Windows user shell (explorer.exe) and starts an outbound Internet connection (using port 443) to start communicating with a command-and-control server.

The same malware was sent to an AP reporter in November, disguised as a Vietnam human rights white paper. Similar malware has also been used against Vietnamese dissident bloggers, including a prominent Vietnamese pro-democracy blogger in California whose blog login and personal information were exposed. “It appears that a single blog post is enough to make you a target for Vietnamese spying,” EFF Global Policy Analyst Eva Galperin and University of Toronto Citizen Lab security researcher Morgan Marquis-Boire wrote in their post on the attack