Sunday, December 29, 2013

8 arrested December 29 , 2013 by Spain for pulling off global cyber bank attacks of more than 60 million , ringleader ( IT expert ) seized in Germany , similar to 45 million bank heists in February where two banks in the Middle East were targeted ! Nat West subject to another DDoS attack - they need to get their security together as this is the second time Nat West has had cyber attack troubles this month ( and they has troubles in March of this year , fourth attack in 18 months ! ) Additional hacks of note including the Christmas Day BBC hack !

Spain Arrests Eight Over $60 Million Global Bank Cyber Heists

4 Secrets of Metropolitan Museum Branch Bank Engelhard Court
Michelle Young/Untapped Cities
MADRID (Reuters) - Spanish police on Sunday said they had arrested eight people suspected of helping to steal more than $60 million from banks worldwide by hacking into credit card processing firms and withdrawing money from cash machines.
The arrests are one of the biggest breakthroughs yet outside the United States in connection with a series of global bank heists, coordinated across numerous countries by cells which withdrew millions of dollars in a matter of hours.
Spanish police said in a statement they had detained six Romanian citizens and two Moroccans on the outskirts of Madrid, and seized 25,000 euros ($34,400) in cash as well as around 1,000 blank credit cards, IT material and jewels after several building searches.
The statement said the global hacking gang had been controlled by a single person, who had been arrested in Germany. The police could not be reached for comment on when the alleged mastermind had been detained.
German prosecutors said in May they had arrested two Dutch citizens suspected of taking part in a $45 million cyber heist involving two Middle Eastern banks.
Prosecutors in Duesseldorf could not immediately be reached for comment on Sunday.
The Spanish police statement said they had acted with the help of an unnamed U.S. security agency.
"The bulk of the organization based in Spain has been dismantled when it was starting to regroup to carry out an attack similar to previous ones, in various European Union countries and including in Japan," the police said.
They said the ringleader was an IT expert who hacked into the databases used by credit card processing firms and could modify security settings, including PIN number restrictions and withdrawal limits, before getting cells worldwide to fake credit cards using some of the information.
The swiftness and scale of the heists was revealed earlier this year, when U.S. prosecutors arrested seven men suspected of the Middle Eastern bank thefts.
Around $45 million was stolen in several attacks using faked cards bearing the names of two banks, prosecutors said, with some $40 million raided from ATMs in 24 countries in just over 10 hours in February.
Spanish police said on Sunday 446 withdrawals took place in Madrid during a February raid, with the Spanish-based arm of the ring obtaining $400,000 in a heist totaling $40 million. They did not confirm which banks had been involved.
Previous raids had involved withdrawals in other Spanish cities and global takings by the crime ring amounted to over $60 million, they said.
Six further people were arrested and charged in the United States in November in connection with the million Middle Eastern bank theft.

The NatWest logo.
The NatWest logo.
A cyber-attack on NatWest in the UK left customers unable to access their online bank accounts on Friday.
The Distributed Denial of Service attack (DDoS), in which a system is overwhelmed by simultaneous online requests, froze the bank's website, leaving customers unable to pay bills or transfer funds.
"Due to a surge in internet traffic deliberately directed at the NatWest website, some of our customers experienced difficulties accessing our customer web sites this evening, " a NatWest spokesman said.
"We have taken the appropriate action to restore the affected websites. At no time was there any risk to customers."
Customers took to Twitter to vent their anger at the latest in a series of glitches and technical problems at the bank.
@TomGilchrist wrote: "Do other banks computer systems/services go down as much as NatWest? I assume not. Time to move banks I think."
In early December, on one of the busiest shopping days of the year, customers were unable to make payments or access money after another cyber attack.
It emerged that for years the bank had failed to invest properly in its IT systems.
"We need to put our customers' needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on," said the bank's chief executive afterwards.
In March, a "hardware fault" left RBS and Natwest customers unable to access online accounts or withdraw cash.
Customers' wages went missing, payments were lost, and transactions cancelled after a technical error in June, costing the bank £175 million in compensation.


NatWest 'Hit By Fourth Online Banking Glitch'

NatWest bank apologises to customers after its online service is disrupted by a denial-of-service attack.

NatWest and RBS
The banks have been hit by problems before
NatWest has been hit by a cyberattack, leaving customers unable to access online accounts.
The bank's online banking service was disrupted after it was deliberately bombarded with internet traffic.   
Twitter users tweeted to say they could not access their bank accounts to pay bills or transfer money.
@TomGilchrist wrote: "Do other banks computer systems/services go down as much as NatWest? I assume not. Time to move banks I think."
@AleexReid tweeted: "Just joined Santander. Fed up with NatWest. Another computer failure tonight. #welldone."
A NatWest spokesperson said: "Due to a surge in internet traffic deliberately directed at the NatWest website, some of our customers experienced difficulties accessing our customer web sites this evening.
"This deliberate surge of traffic is commonly known as a distributed denial-of-service (DDoS) attack.
"We have taken the appropriate action to restore the affected web sites. At no time was there any risk to customers. We apologise for the inconvenience caused."
At the beginning of December all of RBS and NatWest's systems went down for three hours on one of the busiest shopping days of the year.
The group chief executive Ross McEwan described that glitch as "unacceptable" and added: "For decades, RBS failed to invest properly in its systems.
"We need to put our customers' needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on."
RBS and NatWest also came under fire in March after a "hardware fault" meant customers were unable to use their online accounts or withdraw cash for several hours.
A major computer issue in June last year saw payments go awry, wages appear to go missing and home purchases and holidays interrupted for several weeks, costing the group £175m in compensation.
This latest problem is the fourth time in 18 months RBS and NatWest customers have reported problems with the banks' services.

Hackers have been busy........

Exclusive: Hacker took over BBC server, tried to 'sell' access on Christmas Day

By Jim Finkle
BOSTON (Reuters) - A hacker secretly took over a computer server at the BBC, Britain's public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system.
While it is not known if the hacker found any buyers, the BBC's security team responded to the issue on Saturday and believes it has secured the site, according to a person familiar with the cleanup effort.
A BBC spokesman declined to discuss the incident. "We do not comment on security issues," he said.
Reuters could not determine whether the hackers stole data or caused any damage in the attack, which compromised a server that manages an obscure password-protected website.
It was not clear how the BBC, the world's oldest and largest broadcaster, uses that site,, though ftp systems are typically used to manage the transfer of large data files over the Internet.
The attack was first identified by Hold Security LLC, a cybersecurity firm in Milwaukee that monitors underground cyber-crime forums in search of stolen information.
The firm's researchers observed a notorious Russian hacker known by the monikers "HASH" and "Rev0lver," attempting to sell access to the BBC server on December 25, the company's founder and chief information security officer, Alex Holden, told Reuters.
"HASH" sought to convince high-profile hackers that he had infiltrated the site by showing them files that could only be accessed by somebody who really controlled it, Holden said.
So far Hold Security researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC, Holden said.
It is common for hackers to buy and sell access to compromised servers on underground forums.
Buyers view the access as a commodity that grants them the chance to further penetrate the victim organization. They can also use compromised servers to set up command-and-control centers for cyber-crime operations known as botnets, run spam campaigns or launch denial of service attacks to knock websites off line.
The BBC offer stands out because the media company is such a high-profile organization, Holden said. "It's definitely a notch in someone's belt."
BBC has some 23,000 staff and is funded largely by license fees paid by every British household with a television.
Justin Clarke, a principal consultant for the cybersecurity firm Cylance Inc, said that while "HASH" was only offering access to an obscure ftp server, some buyers might see it as a stepping stone to more prized assets within the BBC.
"Accessing that server establishes a foothold within BBC's network which may allow an attacker to pivot and gain further access to internal BBC resources," he said.
Media companies, including the BBC, have repeatedly been targeted by the Syrian Electronic Army, which supports Syrian President Bashar al-Assad, and other hacker activist groups that deface websites and take over Twitter accounts.
Last January the New York Times reported that it had been repeatedly attacked over four months by Chinese hackers who obtained employees' passwords.

W.J. Bradley Mortgage Capital Admits Insider Breach

A former loan officer took clients' credit reports, Social Security numbers, bank account information, tax information and other personal data.

Colorado's W.J. Bradley Mortgage Capital (WJB) recently began notifying an undisclosed number of clients that their personal information was taken from the company's systems by a former WJB loan officer.
The notification letter [PDF] states that in late July and August of 2013, former WJB loan officer Shelly Logemann, working with another mortgage company, RPM Mortgage, took files from WJB's computer systems.
The data taken had been provided to WJB in connection with loans, and included credit reports, Social Security numbers, bank account information, tax information and other personal data from loan applications.
"After discovering Ms. Logemann and RPM's breach, WJB obtained a court order requiring the return of all private information to WJB, prohibiting the defendants from sending that information to others, and requiring that Ms. Logemann and RPM destroy all copies of the information in their possession. ... WJB has no reason to believe that this information was distributed to the public at large," the notification letter states.
Still, the company says it's providing all those affected with free access to a "credit bureau service related to fraud alert," which will place fraud alerts on the users' credit files and provide them with free copies of their credit reports.

Stolen Computer Exposes New Jersey Patients' Data

The computer was taken from an unsecured filing room at Inspira Medical Center Vineland.

The Daily Journal reports that a computer containing patient information was recently stolen from New Jersey's Inspira Medical Center Vineland (h/t HealthITSecurity).
The computer, which was worth $2,800, was stolen from an unsecured filing room in the hospital's radiology department.
While the PC was password-protected, it's not yet clear whether or not it was encrypted.

It contained two 250 GB hard drives and a backup hard drive, and held some patient information, though the hospital is still working to determine exactly what data was on the drives.
Inspira spokesman Greg Potter told that the hospital will "take proper measures" once it determines what information was exposed.


Affinity Gaming Acknowledges Massive Data Breach

Between 280,000 and 300,000 customers' debit or credit card information was accessed.

Affinity Gaming recently announced that hackers breached the system used to process credit and debit cards for its casinos, and may have accessed the personal information of customers who visited any of a variety of Affinity gaming locations between March 14, 2013 and October 16, 2013.
The system used to process credit and debit cards at Affinity's Prism Center Gas Station in Primm, Nev., was also breached, beginning on an unknown date and ending on November 29, 2013.
SC Magazine reports that between 280,000 and 300,000 people were affected.
The company was contacted by law enforcement on October 24, 2013, regarding fraudulent charges that appeared to be linked to a data breach in Affinity's system.
Third-party forensic experts then determined that malware planted on Affinity's system resulted in the theft of credit card and debit card information for people who visited any of the following Affinity locations: Silver Sevens Hotel & Casino in Las Vegas, Nev.; Rail City Casino in Sparks, Nev.; Primm Valley Resort & Casino in Primm, Nev.; Buffalo Bill's Resort & Casino in Primm, Nev.; Whiskey Pete's Hotel & Casino in Primm, Nev.; Lakeside Hotel-Casino in Osceola, Iowa; St. Jo Frontier Casino in St. Joseph, Mo.; Mark Twain Casino in LaGrange, Mo.; Golden Gates Casino in Black Hawk, Colo; Golden Gulch Casino in Black Hawk, Colo; and Mardi Gras Casino in Black Hawk, Colo.
"Affinity is cooperating in the ongoing law enforcement investigation of the incident," the company said in a statement. "Affinity has also taken a number of measures to strengthen the security of our network and it has worked with legal and security vulnerability experts to help identify and implement additional appropriate safeguards."
While no identity theft protection services are being offered to those affected, the company is advising all those affected to place fraud alerts on their credit files.
Customers with questions are advised to contact (877) 238-2179.

TechMedia Network Admits Security Breach

Customers' names, mailing addresses, e-mail addresses, phone numbers, credit card numbers, expiration dates and CVV codes may have been accessed.

TechMedia Network recently began notifying an undisclosed number of customers that their personal information may have been exposed when hackers breached the company's systems in October and November of 2013.
The data that may have been accessed includes the customers' names, mailing addresses, e-mail addresses, phone numbers, credit card numbers, expiration dates and CVV codes.
"We truly regret that this incident occurred and understand that it may cause you concern," TechMedia Director of eCommerce Greg Dalby wrote in the notification letter [PDF]. "We have taken many steps necessary to address the incident and are committed to fully protecting all of your personal information. Also, we took additional steps to prevent this type of incident from happening again, including implementing enhanced security measures."
According to to a company press release, customers who used a credit card to purchase TechMedia products or services between October 4, 2013 and November 20, 2013 may be affected.
"To protect against the possibility [of] fraud, we urge all of our customers to remain vigilant, to review credit card account statements and to monitor credit reports for any unauthorized activity," the company said in a statement. "In addition, do NOT respond to any requests for sensitive personal information in relation to this incident. TechMedia will never request such information via email or telephone unless it is absolutely necessary to respond directly to a customer regarding how this incident may have impacted them."
All those affected are being offered a free year of identity protection services from AllClear ID.
Customers with questions are advised to contact (866) 648-2140.

Round Rock Independent School District Hacked

The hackers claimed that the default user name and password were still in place.

The Houston Chronicle reports that the entire Web site system of Texas' Round Rock Independent School District has been taken down after hackers posted obscene messages on several pages.
The hackers claimed on Hackforums that the user name for the system was "admin" and the password was "admin1" -- "idiots used default login/pass," they wrote.
"We have a third party managing the site (SharpSchool) and we have instructed them to take their time getting everything back up and running," Round Rock Independent School District executive director JoyLynn Occhiuzzi told the Chronicle. "We want them to pull everything together and protect as much information as possible about how this happened so we can make sure it doesn't happen again."
"It's disappointing that someone would take the time to hack into our Web sites, but on a positive note it was late at night at the weekend," Occhiuzzi added. "We are grateful it didn't happen during the day in a busy full time work week."
The school district says no student data was compromised as a result of the breach.