- This topic has 0 replies, 1 voice, and was last updated 9 years, 9 months ago by
.
-
Posts
-
Hacks, Hijacks and Hunts for Chinese Data Thieves
By John P. Mello Jr.Hijacked Twitter accounts, a report charging the Chinese military with fostering an elite hacker unit, and continued Java woes highlighted last week’s security news. "Java is the flavor of the day for hackers," said Jamz Yaneza, threat research manager at Trend Micro. "It’s making everyone nervous."
Still smarting from a recent attack on its systems, Facebook started its week with a discovery by researchers at Bitdefender that an infected add-on at the Chrome Web Store was planting malware on its members’ computers. The malware, among other things, was padding the Like counts on dummy Facebook pages.
Once the pages, which are often completely devoid of content, rack up enough Likes, their creators can sell them on the black market. Buyers will use them to sell knock-off products or spread messages with malicious links to Facebook members. A page with 100,000 Likes can sell for US$150-$200.
Brand Hijacks on Twitter
Burger King’s followers on Twitter may have wondered last week if a palace coup was underway. The fast food company’s account was hacked, and the hijackers replaced the account’s profile picture with one displaying food from archrival McDonalds. Text on the image declared The King had been sold to Mickey D’s because "the Whopper flopped."
Other items posted to the account by the hijackers were less innocuous. They included messages with vulgarity, racial epithets and a photo of a person injecting drugs in a bathroom with the implication he worked for the fast food chain.
Emboldened by the publicity their Burger King stunt produced, the hijackers performed an encore the next day with Jeep’s Twitter account. The feed proclaimed that the division of Chrysler had been sold to GM’s Cadillac subsidiary.
Most of the rest of the content fed into Jeep’s Twitter feed was obnoxious material recycled from the Burger King hack.
Although annoying, the brand hijack actually provided benefits to Burger King. Its Twitter followers jumped from 77,000 before the hack to more than 111,000.
Things couldn’t have gone better for Burger King if it had planned the hack, so that’s what MTV and BET did. The two cable networks — both Viacom properties — hijacked each other’s Twitter accounts as a publicity stunt, which only managed to produce more outrage than followers.
The Twitter hijackings generated headlines but no significant damage to the companies involved, noted Rocco Pendola, director of social media for TheStreet.com.
"It’s not a big deal because we’re not dealing with customers’ private informaton," he told TechNewsWorld. "At the end of the day, it’s only a minor inconvenience for them. And if they’re smart, they can turn it into an opportunity."
Chinese Cyberbandits
Mandiant, a company known in security circles but less so to the public, moved into the mainstream media spotlight when it released a stinging report charging that the Chinese Army was backing a computer hacking group responsible for system break-ins at 141 companies worldwide.
The report comes on the heels of much-publicized breaches at U.S. media outlets, including The New York Times, by intruders alleged to originate in China.
Mandiant’s investigation revealed that the Chinese government is directing the People’s Liberation Army to commit systematic cyberespionage and data theft against organizations around the world.
China denied the claims in the Mandiant report.
Java’s Turn
Chinese hackers weren’t the only ones attracting the security community’s attention last week. A favorite hacker attraction, Java, was targeted once again, and Apple was part of the collateral damage.
The company revealed that some of its internal systems had been infected by drive-by malware planted at a developer’s website frequented by Apple employees. Facebook employees had recently been trapped by the same malware at the website.
Apple was able to isolate the infected computers. It said no data was taken from the company.
Shortly after Apple’s disclosure of the infections, it and Oracle pushed out fixes to address the vulnerabilities exploited in the drive-by attacks.
Oracle is going through what Microsoft and Adobe have experienced with their software, Jamz Yaneza, threat research manager at Trend Micro, told TechNewsWorld. Now it’s Java’s turn.
Oracle needs to do more work if Java is to remain viable, said Symantec security researcher Liam O’Murchu. "We’re going to see fewer and fewer people using Java," he told TechNewsWorld, "or a better response from Oracle with a more focused approach on security and vulnerabilities."
- You must be logged in to reply to this topic.