Cosmetic surgery files hacked

Details of 500,000 people stolen and used in blackmail attempt

  • Information submitted to Harley Medical Group accessed by hackers
  • Security breach bid to blackmail high end cosmetic surgery firm
  • ‘Russian hackers behind the breach’, it has been reported
Harley Medical Group

One of Britain’s best-known and biggest providers of private cosmetic surgery has been targeted by computer hackers, it was revealed last night.

Confidential personal details of nearly 500,000 people who made an enquiry about surgery via Harley Medical Group’s website were stolen in an apparent bid to blackmail the company.

Patients interested in surgery are asked to fill in an online form ahead of an appointment, with details including phone numbers, email address and date of birth.

That personal information was accessed and stolen in a security breach, the firm admitted in a letter to patients posted online.

The company carries out a range of cosmetic surgery from breast augmentations and reductions to facelifts and tummy tucks. It boasts to potential customers on its website: ‘Our No 1 goal is to look after you.’

But Peter Boddy, chairman of the company that is based in Thames Ditton, Surrey, and has 31 clinics nationwide, was forced to write to clients apologising for the security breach.

He reassured them that ‘clinical and financial information has not been compromised’.

Mr Boddy wrote: ‘We recently became aware that an unknown individual had deliberately bypassed our website security, gaining access to information from initial website enquiries in an attempt to extort money from the company.’

Later, Harley Medical Group posted on Twitter: ‘We’re sorry details of initial enquiries have been accessed illegally and assure clinical and financial information is secure.’

The company said that it had improved its security.

Last night The Sun reported that Russian hackers were responsible.

They claimed the crooks struck last month, using a Russian email address to try and extort money from the firm, and that stars of The Only Way is Essex were among customers whose details were accessed.

No one from Harley Medical Group was last night available to comment.
Source : http://www.dailymail.co.uk

Russia hacked hundreds of Western, Asian companies: security firm

A U.S. cybersecurity firm says it has gathered evidence that the Russian government spied on hundreds of American, European and Asian companies, the first time Moscow has been linked to cyber attacks for alleged economic – rather than political – gains.

According to the firm, CrowdStrike, the victims of the previously unreported cyber espionage campaign include energy and technology firms, some of which have lost valuable intellectual property.

CrowdStrike declined to go into detail about those losses or to name any victims, citing confidentiality agreements related to its investigation.

Officials with the Russian Interior Ministry could not be reached for comment early on Wednesday in Moscow.

“These attacks appear to have been motivated by the Russian government’s interest in helping its industry maintain competitiveness in key areas of national importance,” Dmitri Alperovitch, chief technology officer of CrowdStrike, told Reuters on Tuesday evening.

Cybersecurity researchers have in the past said that China’s government was behind cyber espionage campaigns against various corporations dating back as far as 2005, but China has vehemently denied those allegations. Alperovitch said this is the first time the Russian government has been linked to cyber intrusions on companies.

Governments have been using computer networks to spy on each other for more than 30 years in the type of surveillance programs conducted by virtually every nation, according to CrowdStrike. It is only in the past decade that some nations have started using cyber espionage as a platform for gaining data to help promote their national economic interests, according to Alperovitch.

CrowdStrike has been following the activities of the Russian group of hackers, which it dubbed “Energetic Bear,” for two years. The firm believes the Russian government is behind the campaign because of technical indicators, as well as analysis of the targets chosen and the data stolen, according to Alperovitch.

“We are very confident about this,” he said. Victims include European energy companies, defense contractors, technology companies and government agencies, according to the CrowdStrike report.

Manufacturing and construction firms in the United States, Europe and Middle East as well as U.S. healthcare providers were also cited as targets in the report that was posted on the web early on Wednesday morning.

CrowdStrike described the activities of the Energetic Bear hackers in its annual cyber threat report, released on Wednesday. It also documented attacks by hacking groups in China and Iran and described the activities of the activist Syrian Electronic Army.

Alperovitch, who is of Russian ethnic origin and now lives in the Washington, D.C., area, is an expert on cyber espionage who rose to prominence while working for McAfee Inc. While there he managed a team of researchers who produced a landmark January 2010 report that described how Chinese hackers had launched an unprecedented series of attacks known as “Operation Aurora” on Google Inc and dozens of other companies.

In 2012, he co-founded CrowdStrike, which collects intelligence about the activities of hacking groups around the world and sells software to thwart such attacks.

He told Reuters that the data his firm has obtained about Energetic Bear suggests that authorities in Moscow have decided to start using cyber espionage to promote Russia’s national economic interests.

“They are copying the Chinese play book,” he said. “Cyber espionage is very lucrative for economic benefit to a nation.”

Source : Reuters

17 year old fingered as author of malware used in Target attack

A 17 year old Russian hacker who goes by the online handle of “ree4” has been identified as the author of the malware that was used to attack Target and Neiman Marcus.

The teenager, Sergey Taraspov, is well known in cyber crime circles having developed other malicious codes to hack commercial systems. He apparently sold about 40 copies of his program to criminals who then modified it slightly and used it to sweep up at least 80 million debit and credit card numbers from Target alone.

Now the firm that first revealed the Target attack is saying that 6 other companies suffered a similar fate.

PC World:

Clements said IntelCrawler is “90 percent” sure of its finding, based on the forum postings and sources it communicated with.

The forum posts indicate the teenager sold the malware for $2000 or for a share of the profits that came from monetizing stolen payment card details, Clements said.

BlackPOS was also sold to “carding” websites such as .rescator, Track2.name and Privateservices.biz that trade in stolen card details, according to IntelCrawler.

BlackPOS was originally called Kaptoxa, which is Russian slang for potato. Clements said the Russian teenager eventually renamed the malware BlackPOS during a fresh marketing push.

Dallas-based security company iSight Partners wrote in a report earlier this week on the Target hack, which it called the “Kaptoxa operation.” It says the hackers used a high level of skill to gain stealthy access to the retailer’s network.

International Business Times is reporting that the 6 other companies targeted in the hack have not informed their customers yet:

Retailers in California and New York were among those hacked with Kaptoxa/BlackPOS, the software used in the attack on Target.

Security researchers at the Los Angeles-based IntelCrawler said the teen malware author created the first sample of the software in March 2013. Komarov issued the first report on this malware in the beginning of the spring, when he worked for another forensics company.

Komarov also said in an email to the IBTimes that there is evidence of more than six ongoing attacks, but that he cannot yet release more information.

“We will report with the first feedback and approval from [law enforcement authorities],” Komarov said.

IntelCrawler describes itself as “a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3,000,000,000 IPv4 and over 200,000,000 domain names, which are scanned for analytics and dissemination to drill down to a desired result.”

I have taken to checking my bank balance almost every day looking for any charges I didn’t make. It’s probably a good habit to get into anyway, but especially now with these massive hacks underway. I have also invested in Lifelock which would inform us if any suspicious activity occurred or was occurring on our bank account or cards. It won’t prevent an attack but it can help limit the damage.

Better get used to this. It looks like we’re getting a peek at the future of e-commerce.

Source : American Thinker

Russia grants one year asylum to Edward Snowden

The whole time Edward Snowden has been seeking asylum, WikiLeaks staffer Sarah Harrison has been by his side.

She has emerged as a central, if mysterious, figure in the saga that has taken Snowden across the world in an attempt to evade U.S. espionage charges. Harrison rose from intern to one of WikiLeaks’ founder Julian Assange’s most trusted lieutenants in just a few years, but she has earned an even higher profile as Snowden’s guide and adviser.

"He has left the airport to go to a safe location"

WikiLeaks says she traveled with the former NSA systems analyst from Hong Kong to Moscow. She appeared next to Snowden at a meeting with activists at the Moscow airport where he was stranded in hiding for weeks. She even slipped out of the airport in a taxi with him after Russia granted him asylum Thursday, according to the group.

WikiLeaks has otherwise not revealed much about her. But what is clear is that she has become indispensable to the organization.

It has described her as Snowden’s legal adviser. While she does not appear to have a law degree, her bio on the WikiLeaks website lists Harrison as a “U.K. citizen, journalist and legal researcher.” Media reports put her age at 31.

While interning at the Center of Investigative Journalism, based at London’s City University, she helped WikiLeaks’ founder Julian Assange with the organization’s disclosure of secret U.S. military records, according to the group’s website. Harrison went on to join the Bureau of Investigative Journalism in August 2010, working as a researcher at the British not-for-profit that supports investigative journalism.

There she worked on the team handling a series of Iraq War files released by WikiLeaks to several major media organizations — before moving into WikiLeaks itself in October 2010. Since then, she has maintained a constant, but mostly silent, presence at Assange’s side.

She was with him at the English country manor where he lived under house arrest while resisting extradition to Sweden on sex-related allegations. She was also with him at his court appearances. She was also among those who forked over funds for his bail, money they lost when he sought refuge in the Ecuadorean Embassy in violation of his bail conditions.

But with Assange holed up in the embassy, Harrison has taken on a more public role with the organization.

She appeared at London’s Frontline Club last year to announce that WikiLeaks was in the process of publishing material from 2.4 million Syrian emails, many of which it said came from official government accounts. In that appearance, she acknowledged that WikiLeaks was facing “a difficult time at the moment” but said “we are continuing to work through that.”

On Thursday, WikiLeaks announced that Snowden had left the Moscow airport — under Harrison’s care. Rarely seen publicly in their weeks hiding out at the Sheremetyevo airport transit zone, that appears unlikely to change now that they have taken a taxi to somewhere in Russia.

“Harrison has remained with Mr. Snowden at all times to protect his safety and security, including during his exit from Hong Kong,” WikiLeaks said in a statement. “They departed from the airport together in a taxi and are headed to a secure, confidential place.”

Group behind largest Ransomware campaign arrested by Spanish police

The infamous Reveton ransomware gang, which made millions of Euros every year by deceiving unsuspecting victims in more than 30 countries, has finally been apprehended by the authorities. The gang consists of as many as 11 members, including 2 Ukrainians, 6 Russians, and 2 Georgians. The breakthrough was made by Europol, and the Spanish police arrested these 10 people in Spain. The man suspected to be the leader of the gang, a 27 year old Russian national, was apprehended in Dubai in December last year, and the Spanish authorities are trying to have him extradited to Spain.

The gang developed and distributed the Reveton malware, known as the Police Trojan because it froze infected computers and displayed a warning message accusing users of accessing pornographic sites or illegally downloading content from the internet and urging them to pay a false fine. The message posed as having been sent by the police, and a payment had to be made in order to regain access to the system. Payment was demanded in the form of vouchers purchased from prepaid cash services such as Ukash and Paysafecard, which were sent from the US to Spain, where the vouchers were cashed, and then to Russia. According to security experts, there are as many as 48 variants of this malware, which can forge messages from police departments in many European countries. The malware has been in circulation since as early as 2005, but it was refined by hackers for distribution in many countries, mainly European ones, as Europe was the major target.

Trend Micro, a leading online security firm, has estimated that these cyber criminals were raking in as much as million Euros per year from thousands of victims through this illegal scheme. Moreover, they also revealed that the gang was developing variants of the malware to be used in the U.S. and Canada further expanding their range of operation.

The Spanish police became interested in the case in May 2011, when they received as many as 1200 complaints, though many more people were actually affected. The police revealed that the 10 suspects arrested were involved in other aspects of the operation, while the Russian national arrested in Dubai was the one who developed the malware itself.

The operation to catch the gang was a highly coordinated one in which experts from Trend Micro and the Spanish authorities collaborated. Trend Micro assisted the police in tracking the criminals using technology, and the police then made the arrests. The operation is a prime example of collaboration between private organizations and the authorities, with the former providing the technological infrastructure that lets the latter apprehend wrongdoers. Trend Micro has been involved in many such cases recently, and this is another success for its e-crime unit.

Well, the Spanish authorities must be happy with the successful results of their coordinated operation as this is a big win against cyber crime.

Russian Hackers Behind Gozi Malware Charged for Infecting Millions of Users

Gozi Malware Creators Charged in the US; the Russian Faces 95 years in Prison

The Russian cyber criminal behind the infamous Gozi malware, which affected more than a million computers worldwide and was designed to steal the confidential banking credentials of users, affecting thousands of customers, was charged in New York along with two accomplices, according to files released by the U.S. Department of Justice.

Nikita Vladimirovich Kuzmin, the mastermind behind the coding and distribution of the Gozi malware, was charged along with Deniss Calovskis and Mihai Ionut Paunescu, all of whom are from Eastern Europe and were involved in this cyber crime. The charges against them include wire fraud, access device fraud, computer intrusion, and bank fraud, according to the U.S. Attorney’s Office for the Southern District of New York.

Kuzmin, who hails from Russia, is supposed to have created the program for Gozi sometime around 2005, when he conceived the idea of a virus that could steal banking credentials from victims and evade antivirus software. He set out the technical details for such a program and then hired a computer programmer to write the source code. After developing the virus, he started renting it for a weekly fee to other like-minded cyber criminals who wished to steal various types of data. The virus was delivered by various means, and stolen data would be stored on a server, access to which was granted according to the time period for which payment had been made. This distribution started in 2007 and was limited to Europe during that period, reaching the U.S. only in 2010.

The Gozi malware belongs to a family of software known as zombie software, which uses HTML injection to trick victims into revealing their account details, which criminals can access later on.

All three had defined roles, worked in a systematic manner and used codenames in the project. Calovskis, a Latvian who used the name “Miami”, was the HTML injection expert and the one who provided anti-security updates to the criminals, who could use these web injects to extract information from their victims, as the injects were able to alter the appearance of banking websites to customers.

Paunescu, who comes from Romania and went by the name “Virus”, was responsible for providing a bulletproof hosting service to their criminal clients. It consisted of IP addresses and servers that were used to send the scam emails containing the Gozi malware and others such as the Zeus and SpyEye Trojans, and also to control botnets and carry out denial of service attacks.

The case was taken up by the FBI in May 2010, when people in the U.S. started getting affected. The FBI intercepted various conversations and emails from Kuzmin, which finally led to his arrest in San Francisco in November 2010.

Kuzmin later pleaded guilty to the charges against him and helped investigators in their investigation into the case.

As of now, it has been confirmed that the Gozi malware has affected more than 40,000 computers in the U.S., including 160 computers of NASA.

Kuzmin might face a maximum penalty of 95 years in prison, Calovskis has been given 65 years and Paunescu can face 60 years in prison, though how much they will be awarded will be revealed only when the courts sentence them.