Ashley Madison exec steps down; site to stay up

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Noel Bider­man, CEO of Avid Life Media, par­ent com­pa­ny of adul­tery web­site Ash­ley Madi­son, is step­ping down from the com­pa­ny after a hack that left 37 mil­lion cus­tomers exposed. “This change is in the best inter­est of the com­pa­ny and allows us to con­tin­ue to pro­vide sup­port to our mem­bers and ded­i­cat­ed employ­ees. We are stead­fast in our com­mit­ment to our cus­tomer base,” a state­ment post­ed on Avid Life Media’s web­site said. “We are active­ly adjust­ing to the attack on our busi­ness and mem­bers’ pri­va­cy by crim­i­nals.” Avid Life Media plans to con­tin­ue to oper­ate its dat­ing web­sites and will be led by its senior man­age­ment team until a new CEO is appoint­ed, the state­ment said. The com­pa­ny also reit­er­at­ed its com­mit­ment to pro­tect­ing its cus­tomer base while also work­ing with law enforce­ment to find the per­son or group respon­si­ble for the mas­sive data breach. Source: ABC News

Ashley Madison hacker one step closer to being identified?

Secu­ri­ty researcher Bri­an Krebs claims he knows who car­ried out the Ash­ley Madi­son hack. Krebs claims the infi­deli­ty web­site hack was like­ly con­duct­ed by Twit­ter user Thadeus Zu, or @deuszu. Krebs says Zu tweet­ed the mas­sive cache of Ash­ley Madi­son user data using the same pro­pri­etary source code as the Impact Team, which has claimed respon­si­bil­i­ty for the hack. The tweets were sent well before main­stream media report­ed on the data dump. The Toron­to Police Depart­ment is spear­head­ing an inves­ti­ga­tion into the Ash­ley Madi­son hack, which last week revealed the per­son­al data of up to 37 mil­lion clients. The website’s par­ent com­pa­ny, Avid Life Media, is offer­ing a $500,000 Cana­di­an cash reward for infor­ma­tion lead­ing to the arrest of the hackers—nearly $380,000. Source: The Hill

Threaten our defenders? We think not

sh_drone attack_250The cyber hack­er affil­i­at­ed with the Islam­ic State Hack­ing Divi­sion, respon­si­ble for expos­ing the per­son­al infor­ma­tion of hun­dreds of U.S. mil­i­tary and gov­ern­ment per­son­nel, has been killed in a drone strike, reports say. Junaid Hus­sain, also known as Abu Hus­sain al-Bri­tani, was killed by a U.S. drone strike in Syr­ia. He had been pin­point­ed in a “tar­get­ed strike” out­side the Syr­i­an city of Raqqa. U.S. offi­cials have not con­firmed his death. Hus­sain, on behalf of the IS Hack­ing Divi­sion, in ear­ly August pub­lished names, emails, pass­words and phone num­bers of more than 1,480 mem­bers in the Air Force, Marines, NASA, FBI, State Depart­ment, and the Port Author­i­ty of New York and New Jer­sey. The group urged “lone wolves” to “process the info and assas­si­nate,” accord­ing to tweets sent out by Hussain’s account, which was sus­pend­ed short­ly after­ward. Source: Mil­i­tary Times

Taxing time for former tax man

A for­mer Inter­nal Rev­enue Ser­vice employ­ee has been sen­tenced to two years and one day in prison for his role in an iden­ti­ty theft tax refund fraud scheme. U.S. Dis­trict Judge Lee Yeakel also ordered Ken­neth Goheen to for­feit $15,442.02 seized from his bank accounts and pay a remain­ing sum of $104,292.02 resti­tu­tion to the gov­ern­ment. Yeakel also ordered that Goheen be placed on super­vised release for a peri­od of three years after com­plet­ing his prison term. Goheen plead­ed guilty to one count of wire fraud and one count of aggra­vat­ed iden­ti­ty theft. By plead­ing guilty, Goheen, a for­mer Tax Exam­in­ing Tech­ni­cian, admit­ted that he wrong­ful­ly obtained iden­ti­fi­ca­tion infor­ma­tion from Indi­vid­ual Tax Iden­ti­fi­ca­tion Num­ber appli­cants and used it to file more than 50 fraud­u­lent tax returns between March 2013 and Jan­u­ary 2015. Goheen col­lect­ed more than $120,000 in refunds based on those fraud­u­lent returns. Source: Account­ing Today

It’s all about the shoes

sh_shoe smuggle_280A Chi­nese hard­ware hack­er has cre­at­ed a pair of 3D print­ed shoes capa­ble of smug­gling pen­e­tra­tion test­ing equip­ment past secu­ri­ty. The hack­er, who goes under the name “Sexy­Cy­borg,” designed the shoes to have hid­den com­part­ments that can be tak­en out with­out the shoes being tak­en off. Each draw­er con­tains equip­ment for hack­ing into secure sys­tems, such as mali­cious flash dri­ves and a router to log into net­works via Wi-Fi. Source: The (U.K.) Dai­ly Mail

Face your time behind bars

sh_prisoner fraud_750A man plead­ed guilty to a fed­er­al charge for his role in an inter­na­tion­al com­put­er hack­ing case and faces up to three years in prison, court papers said. The Depart­ment of Jus­tice said Eric Crock­er used a Face­book Spread­er, which is com­put­er code that infect­ed the com­put­ers of Face­book users and turned those devices into bots. That let him con­trol com­put­ers through com­mand-and-con­trol servers, pros­e­cu­tors said. The inves­ti­ga­tion focused on a com­put­er hack­er forum, Dark­ode, which U.S. Attor­ney David Hick­ton said was a “cyber hor­nets’ nest” of crim­i­nal hack­ers. Accord­ing to court papers, Dark­ode was a pass­word-pro­tect­ed forum in which mem­bers alleged­ly used one another’s’ skills or prod­ucts to infect elec­tron­ic devices around the world using mal­ware. Face­book Spreader’s code accessed a victim’s Face­book friends list and sent out mass mes­sages pos­ing as the vic­tim, accord­ing to court papers. Each mes­sage con­tained a link to a com­put­er file that, if opened, infect­ed the recipient’s com­put­er with mal­ware, the papers said. Source: The (Bing­ham­ton, N.Y.) Press & Sun Bulletin

Dude, that beer’s just not worth it

sh_fake id_280New York Gov. Andrew Cuo­mo is warn­ing col­lege stu­dents about the risks of buy­ing fake IDs online. Cuo­mo says state inves­ti­ga­tors dis­cov­ered “dozens” of cas­es of iden­ti­ty theft that occurred after the vic­tim tried to pur­chase fake IDs online. Offi­cials say the vic­tims went online to buy fake driver’s licens­es and hand­ed over their name, address, date of birth, and oth­er per­son­al details to scam artists who used the infor­ma­tion to com­mit iden­ti­ty theft. Cuo­mo notes that the effects of iden­ti­ty theft can linger for years and says get­ting a fake ID isn’t worth the risk of get­ting caught or of being vic­tim­ized by iden­ti­ty thieves. Source: WGRZ, Buf­fa­lo

Box it up; we’ll take it

The Army is try­ing to speed cyber-relat­ed acqui­si­tion by using a tem­plate known as the Infor­ma­tion Tech­nol­o­gy Box. Offi­cials said the goal is to quick­ly sup­ply sol­diers with IT tools such as sen­sors, foren­sics and “insid­er threat dis­cov­ery capa­bil­i­ties” in a mat­ter of weeks rather than the months or years a tra­di­tion­al acqui­si­tion might take. “Cyber doesn’t fit the tra­di­tion­al acqui­si­tion process that you would use to deliv­er a tank,” said Kevin Fahey, exec­u­tive direc­tor of the Army’s Sys­tem of Sys­tems Engi­neer­ing and Inte­gra­tion Direc­torate. The Defense Depart­ment first used the IT Box tem­plate in 2008 and updat­ed it in 2012, accord­ing to the arti­cle. “IT Box is not new. What’s new is how the Army is tai­lor­ing the IT Box and oth­er inno­v­a­tive acqui­si­tion meth­ods to meet the demands of cyber,” Army spokesman Lt. Col. Jesse Stalder said. Source: FCW

I’ve got a few things I want to discuss …

sh_china hack_280The White House said that Pres­i­dent Oba­ma will “no doubt” raise con­cerns about China’s cyber­se­cu­ri­ty behav­ior when he meets with Chi­nese Pres­i­dent Xi Jin­ping next month. Oba­ma will host Xi at the White House in Sep­tem­ber for a state vis­it. The Unit­ed States has alleged Chi­nese hack­ers have stolen infor­ma­tion from sev­er­al U.S. com­put­er servers. Ten­sions between the U.S. and Chi­na over cyber­se­cu­ri­ty have increased fol­low­ing a mas­sive hack of the Office of Per­son­nel Man­age­ment this spring. Sources: Reuters; The Hill