Ashley Madison exec steps down; site to stay up

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Noel Biderman, CEO of Avid Life Media, parent company of adultery website Ashley Madison, is stepping down from the company after a hack that left 37 million customers exposed. “This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees. We are steadfast in our commitment to our customer base,” a statement posted on Avid Life Media’s website said. “We are actively adjusting to the attack on our business and members’ privacy by criminals.” Avid Life Media plans to continue to operate its dating websites and will be led by its senior management team until a new CEO is appointed, the statement said. The company also reiterated its commitment to protecting its customer base while also working with law enforcement to find the person or group responsible for the massive data breach. Source: ABC News

Ashley Madison hacker one step closer to being identified?

Security researcher Brian Krebs claims he knows who carried out the Ashley Madison hack. Krebs claims the infidelity website hack was likely conducted by Twitter user Thadeus Zu, or @deuszu. Krebs says Zu tweeted the massive cache of Ashley Madison user data using the same proprietary source code as the Impact Team, which has claimed responsibility for the hack. The tweets were sent well before mainstream media reported on the data dump. The Toronto Police Department is spearheading an investigation into the Ashley Madison hack, which last week revealed the personal data of up to 37 million clients. The website’s parent company, Avid Life Media, is offering a $500,000 Canadian cash reward for information leading to the arrest of the hackers—nearly $380,000. Source: The Hill

Threaten our defenders? We think not

sh_drone attack_250The cyber hacker affiliated with the Islamic State Hacking Division, responsible for exposing the personal information of hundreds of U.S. military and government personnel, has been killed in a drone strike, reports say. Junaid Hussain, also known as Abu Hussain al-Britani, was killed by a U.S. drone strike in Syria. He had been pinpointed in a “targeted strike” outside the Syrian city of Raqqa. U.S. officials have not confirmed his death. Hussain, on behalf of the IS Hacking Division, in early August published names, emails, passwords and phone numbers of more than 1,480 members in the Air Force, Marines, NASA, FBI, State Department, and the Port Authority of New York and New Jersey. The group urged “lone wolves” to “process the info and assassinate,” according to tweets sent out by Hussain’s account, which was suspended shortly afterward. Source: Military Times

Taxing time for former tax man

A former Internal Revenue Service employee has been sentenced to two years and one day in prison for his role in an identity theft tax refund fraud scheme. U.S. District Judge Lee Yeakel also ordered Kenneth Goheen to forfeit $15,442.02 seized from his bank accounts and pay a remaining sum of $104,292.02 restitution to the government. Yeakel also ordered that Goheen be placed on supervised release for a period of three years after completing his prison term. Goheen pleaded guilty to one count of wire fraud and one count of aggravated identity theft. By pleading guilty, Goheen, a former Tax Examining Technician, admitted that he wrongfully obtained identification information from Individual Tax Identification Number applicants and used it to file more than 50 fraudulent tax returns between March 2013 and January 2015. Goheen collected more than $120,000 in refunds based on those fraudulent returns. Source: Accounting Today

It’s all about the shoes

sh_shoe smuggle_280A Chinese hardware hacker has created a pair of 3D printed shoes capable of smuggling penetration testing equipment past security. The hacker, who goes under the name “SexyCyborg,” designed the shoes to have hidden compartments that can be taken out without the shoes being taken off. Each drawer contains equipment for hacking into secure systems, such as malicious flash drives and a router to log into networks via Wi-Fi. Source: The (U.K.) Daily Mail

Face your time behind bars

sh_prisoner fraud_750A man pleaded guilty to a federal charge for his role in an international computer hacking case and faces up to three years in prison, court papers said. The Department of Justice said Eric Crocker used a Facebook Spreader, which is computer code that infected the computers of Facebook users and turned those devices into bots. That let him control computers through command-and-control servers, prosecutors said. The investigation focused on a computer hacker forum, Darkode, which U.S. Attorney David Hickton said was a “cyber hornets’ nest” of criminal hackers. According to court papers, Darkode was a password-protected forum in which members allegedly used one another’s’ skills or products to infect electronic devices around the world using malware. Facebook Spreader’s code accessed a victim’s Facebook friends list and sent out mass messages posing as the victim, according to court papers. Each message contained a link to a computer file that, if opened, infected the recipient’s computer with malware, the papers said. Source: The (Binghamton, N.Y.) Press & Sun Bulletin

Dude, that beer’s just not worth it

sh_fake id_280New York Gov. Andrew Cuomo is warning college students about the risks of buying fake IDs online. Cuomo says state investigators discovered “dozens” of cases of identity theft that occurred after the victim tried to purchase fake IDs online. Officials say the victims went online to buy fake driver’s licenses and handed over their name, address, date of birth, and other personal details to scam artists who used the information to commit identity theft. Cuomo notes that the effects of identity theft can linger for years and says getting a fake ID isn’t worth the risk of getting caught or of being victimized by identity thieves. Source: WGRZ, Buffalo

Box it up; we’ll take it

The Army is trying to speed cyber-related acquisition by using a template known as the Information Technology Box. Officials said the goal is to quickly supply soldiers with IT tools such as sensors, forensics and “insider threat discovery capabilities” in a matter of weeks rather than the months or years a traditional acquisition might take. “Cyber doesn’t fit the traditional acquisition process that you would use to deliver a tank,” said Kevin Fahey, executive director of the Army’s System of Systems Engineering and Integration Directorate. The Defense Department first used the IT Box template in 2008 and updated it in 2012, according to the article. “IT Box is not new. What’s new is how the Army is tailoring the IT Box and other innovative acquisition methods to meet the demands of cyber,” Army spokesman Lt. Col. Jesse Stalder said. Source: FCW

I’ve got a few things I want to discuss …

sh_china hack_280The White House said that President Obama will “no doubt” raise concerns about China’s cybersecurity behavior when he meets with Chinese President Xi Jinping next month. Obama will host Xi at the White House in September for a state visit. The United States has alleged Chinese hackers have stolen information from several U.S. computer servers. Tensions between the U.S. and China over cybersecurity have increased following a massive hack of the Office of Personnel Management this spring. Sources: Reuters; The Hill