Cosmetic surgery files hacked

Details of 500,000 people stolen and used in blackmail attempt

  • Information submitted to Harley Medical Group accessed by hackers
  • Security breach bid to blackmail high end cosmetic surgery firm
  • ‘Russian hackers behind the breach’, it has been reported
Harley Medical Group

Harley Medical Group

One of Britain’s best-known and biggest providers of private cosmetic surgery has been targeted by computer hackers, it was revealed last night.

Confidential personal details of nearly 500,000 people who made an enquiry about surgery via Harley Medical Group’s website were stolen in an apparent bid to blackmail the company.

Patients interested in surgery are asked to fill in an online form ahead of an appointment, with details including phone numbers, email address and date of birth.

That personal information was accessed and stolen in a security breach, the firm admitted in a letter to patients posted online.

The company carries out a range of cosmetic surgery from breast augmentations and reductions to facelifts and tummy tucks. It boasts to potential customers on its website: ‘Our No 1 goal is to look after you.’

But Peter Boddy, chairman of the company that is based in Thames Ditton, Surrey, and has 31 clinics nationwide, was forced to write to clients apologising for the security breach.

He reassured them that ‘clinical and financial information has not been compromised’.

Mr Boddy wrote: ‘We recently became aware that an unknown individual had deliberately bypassed our website security, gaining access to information from initial website enquiries in an attempt to extort money from the company.’

Later, Harley Medical Group posted on Twitter: ‘We’re sorry details of initial enquiries have been accessed illegally and assure clinical and financial information is secure.’

The company said that it had improved its security.

Last night The Sun reported that Russian hackers were responsible.

They claimed the crooks struck last month using a Russian email address to try and extort money from the firm and that stars of The Only Way is Essex, were among customers whose details were accessed.

No one from Harley Medical Group was last night available to comment.
Source : http://www.dailymail.co.uk

About these ads

Heartbleed hackers steal encryption keys in threat test

The Heartbleed Bug is the latest computer security scare.  This software information leak may grant hackers access to your banking information, e-mail accounts, and other personal information.

Its name comes from the term, “heartbeat extension.”  This is used in software to check that a connection between two servers is live.  Unfortunately, there is a flaw in this heartbeat code.  For us, this means our personal information may be at risk.

“For the individual worst case scenario is using a small town bank that does not fix this vulnerability, logging into the banking site and the attacker getting the keys to that encrypted connection and stealing the password.  That would give them access to all their accounts,” said Will Spencer, Missouri State University’s Information Security Officer.

Spencer said about 30% of internet sites still had this vulnerability as of last week.

“We see a lot of smaller organizations who do not have security staff and do not have resources to patch this bug,” said Spencer.

Your personal information on these websites is accessible to hackers.

“They can compromise information which means take your personal identity, credit card information, whatever they can find,” explained Spencer.

Many big companies like Google, Yahoo, Facebook, and Springfield City Utilities have fixed the problem.

Joel Alexander with Springfield City Utilities confirmed this.

“Almost immediately from finding out that there might be an issue with this software problem we took the necessary steps to be proactive with it,” explained Alexander.

“There are resources on the internet where you can check on a website and they can tell you if it’s been fixed,” said Spencer.

You can go to this “Heartbleed Test” website to see if a site you use is affected by the bug.  Just type the name of the site and you’ll see if it’s safe.

If you use Gmail, Yahoo, or Facebook and you are wondering if you should change your password, Spencer said, “Absolutely! It’s never a bad idea to change your password.”

Spencer said no individuals have lost information at this time.  However, the problem is that we cannot tell right away if hackers have hold of our information.

“And we’re never going to know until it’s too late,” added Spencer.

Spencer also recommended logging out of websites every time you are finished.  He said don’t be surprised if you see an email from a company like Google or Yahoo requesting that you change your password.

Source : http://www.ozarksfirst.com

Microsoft: documents were stolen during recent employee email hack

 

Recent phishing attack targets select Microsoft employees

Recent phishing attack targets select Microsoft employees

It hasn’t been a pleasant start to 2014 so far for Microsoft: the Redmond-based company has been under attack from the Syrian Electronic Army across its email, social media and website systems. Now Microsoft has confirmed in a blog post that documents “associated with law enforcement inquiries” have been stolen as well.

It would seem that Microsoft’s announcement is designed to preempt any leaking of these documents by the SEA or other organizations that have got their hands on them. The blog post states: “Out of regard for the privacy of our employees and customers — as well as the sensitivity of law enforcement inquiries — we will not comment on the validity of any stolen emails or documents.”

As yet it doesn’t appear that any customer or user information was involved in the smash-and-grab, but Microsoft isn’t ruling it out either: “If we find that customer information related to those requests has been compromised, we will take appropriate action.”

“In terms of the cyberattack, we continue to further strengthen our security,” continues the post, penned by Adrienne Hall of Microsoft’s Trustworthy Computing Group. “This includes ongoing employee education and guidance activities, additional reviews of technologies in place to manage social media properties, and process improvements based on the findings of our internal investigation.”

To date, Microsoft’s woes at the hands of the SEA have included unauthorized blog posts, Twitter account hijacks and phishing attempts targeted at company employees. Adrienne Hall and her colleagues will be hoping for an easier ride for the rest of the year.

Read more: Digital Trends

Pune-based global hacker Amit Vikram Tiwari arrested

In what is being termed as the biggest international hacking scandal, possibly involving corporates, associations and big individuals, coordinated raids were conducted by investigative agencies in India, China and Romania, on the basis of intelligence from Federal Bureau of Investigation about the “organised hacking” happening in three countries and others. In India, the Central Bureau of Investigation conducted raids at four places including Mumbai, Pune and Ghaziabad and arrested the alleged mastermind hacker in India – Amit Vikram Tiwari (31), son of a former army colonel, said sources.

Interestingly, the controversial cricket league – Indian Premier League – is back in news again with the hacking scandal. According to highly placed sources, people connected to the IPL had approached Tiwari for hacking into the some accounts but they reportedly had a dispute over money after which work was not reportedly completed. CBI is investigating the IPL connection with the hacking. Officials refused to divulge details but hinted that some people associated with the tournament wanted high-level hacking done.

The primary investigations have revealed that corporates, individuals and even companies – “the clients” – had approached the hackers either for marriage disputes related issues or commercial purposes, which sources described as “corporate rivalry”.

It is suspected that Amit Vikram Tiwari is main hacker in India but he was in touch with people abroad and master-hackers are based somewhere else. Sources also said that most of clients who approached Tiwari for hacking into email accounts and websites were foreigners. All possibilities — national security, corporate hacking, financial fraud and hacking into government departments and secret units, are being probed by CBI in coordination with FBI.

Officials say that 900 email accounts were hacked between February 2011 and February 2013 by international hackers including Tiwari and 171 accounts out of these belonged to Indians. “It has been alleged that a number of internet websites advertised that the website operators could get access to e-mail account in exchange for a fee varying from $250 to $500. The customers desirous to get unauthorized access, submitted e-mail accounts to these websites. Upon receipt of the order, as well as the e-mail addresses, the website operators gained access to such e-mail accounts and sent a proof of such access to the customers. On receipt of payment from Customers these website operators shared the password with the customers,” said CBI Spokesperson Kanchan Prasad. CBI has booked Tiwari and unknown hackers for criminal conspiracy, theft of information and Section 66 of Information Technology Act.

Sources say that payments were being received by hackers through western union money transfer and web-payment portal paypal.com.

What has baffled investigators is that FBI tracking the scandal. It is being suspected that some accounts related to United States government and big corporates there were also hacked after which FBI tracked the hosting sites, used for hacking, in India, China and Romania. In India, Tiwari and his fellow hackers were using two primary websites – and from Pune.

CBI Director Ranjit Sinha said that this was part of an international law enforcement operation and CBI had registered two FIRs against suspect operators of hacking websites. “The operation is product of an international investigation coordinated by Federal Bureau of Investigation, Department of Combating Organised Crime (DCCO) of Romania, CBI and the Ministry of Public Security (MPS) of China and raids in three countries were carried out simultaneously,” said Sinha.

The FBI officials had been reportedly having regular meetings with CBI in New Delhi over past few months and a preliminary enquiry was registered last month itself and it was decided that coordinated raids would be conducted in all the countries. FBI has launched major operation against hackers located globally last year as part of which Romanian authorities have arrested a hacker known as ‘Guccifer’ on Thursday who was infamous for hacking into accounts of powerful leaders. It is alleged that Guccifer leaked online Colin Powell’s personal emails, an unreleased script of Downton Abbey, and the paintings of George W Bush.

CBI sources say they had no information about arrests made in Romania and China as it was the domain of authorities in those countries and it was only concerned with the probe in India.

CBI officials, after arresting Tiwari from Pune, were bringing him to Delhi for interrogation. He has initially given some inputs about his clients and people whose accounts were hacked. Agency has recovered his computers, laptop and hard-drives for retrieving the data.

Sources say that Tiwari, who had reportedly done his engineering from Pune, had been arrested in 2003 as well for trying to defraud a Mumbai based credit card processing company. Mumbai Police had arrested him for the scandal.

Source : TOI

Millions of email accounts, passwords stolen by hackers

The passwords and other details of 16 million email users in Germany have been stolen, the country’s security agency has revealed.

Millions of email accounts, passwords stolen by hackers

Millions of email accounts, passwords stolen by hackers

Researchers and prosecutors stumbled upon the hacked accounts while conducting research on a botnet, a network of computers infected with malware.

Germany’s Federal Office for Information Security (BSI) has created a website to help people find out whether or not their e-mail was among those hacked. The site temporarily crashed on Tuesday due to heavy traffic. Users who submit their email address to the website will be sent an message if their account has been compromised.

“If that happens, then your computer is most likely infected with malware,” Tim Griese, with the Federal Office for Information Security, told the news agency DPA.

Authorities have not released information on who stole the e-mail accounts.

Russia hacked hundreds of Western, Asian companies: security firm

A U.S. cybersecurity firm says it has gathered evidence that the Russian government spied on hundreds of American, European and Asian companies, the first time Moscow has been linked to cyber attacks for alleged economic – rather than political – gains.

According to the firm, CrowdStrike, the victims of the previously unreported cyber espionage campaign include energy and technology firms, some of which have lost valuable intellectual property.

CrowdStrike declined to go into detail about those losses or to name any victims, citing confidentiality agreements related to its investigation.

Officials with the Russian Interior Ministry could not be reached for comment early on Wednesday in Moscow.

“These attacks appear to have been motivated by the Russian government’s interest in helping its industry maintain competitiveness in key areas of national importance,” Dmitri Alperovitch, chief technology officer of CrowdStrike, told Reuters on Tuesday evening.

Cybersecurity researchers have in the past said that China’s government was behind cyber espionage campaigns against various corporations dating back as far as 2005, but China has vehemently denied those allegations. Alperovitch said this is the first time the Russian government has been linked to cyber intrusions on companies.

Governments have been using computer networks to spy on each other for more than 30 years in the type of surveillance programs conducted by virtually every nation, according to CrowdStrike. It is only in the past decade that some nations have started using cyber espionage as a platform for gaining data to help promote their national economic interests, according to Alperovitch.

CrowdStrike has been following the activities of the Russian group of hackers, which it dubbed “Energetic Bear,” for two years. The firm believes the Russian government is behind the campaign because of technical indicators, as well as analysis of the targets chosen and the data stolen, according to Alperovitch.

“We are very confident about this,” he said. Victims include European energy companies, defense contractors, technology companies and government agencies, according to the CrowdStrike report.

Manufacturing and construction firms in the United States, Europe and Middle East as well as U.S. healthcare providers were also cited as targets in the report that was posted on the web early on Wednesday morning, here

CrowdStrike described the activities of the Energetic Bear hackers in its annual cyber threat report, released on Wednesday. It also documented attacks by hacking groups in China and Iran and described the activities of the activist Syrian Electronic Army.

Alperovitch, who is of Russian ethnic origin and now lives in the Washington, D.C., area, is an expert on cyber espionage who rose to prominence while working for McAfee Inc. While there he managed a team of researchers who produced a landmark January 2010 report that described how Chinese hackers had launched an unprecedented series of attacks known as “Operation Aurora” on Google Inc and dozens of other companies.

In 2012, he co-founded CrowdStrike, which collects intelligence about the activities of hacking groups around the world and sells software to thwart such attacks.

He told Reuters that the data his firm has obtained about Energetic Bear suggests that authorities in Moscow have decided to start using cyber espionage to promote Russia’s national economic interests.

“They are copying the Chinese play book,” he said. “Cyber espionage is very lucrative for economic benefit to a nation.”

Source : Reuters