$300 million 'superhackers' are not so super after all

Hackers caught

Two of the five men named in an indictment last week, widely labelled "the largest ever hacking and data breach scheme in the United States", were caught thanks to some pretty obvious carelessness - they posted their holiday snaps online and let their mobile phones broadcast their location to the cops on their trail.

29-year-old Dmitriy Smilianets, thought to have been in charge of monetizing the credit card data heisted by the rest of the gang, maintained a jaunty presence on social networks and ran a globe-trotting online gaming team, according to Reuters.

When one of his travelling companions was identified as Vladimir Drinkman, a suspected confederate of convicted ringleader Albert Gonzalez, cops put two and two together and closed in.

Drinkman's phone was transmitting location data, allowing the law to pin the group down to a hotel in the Netherlands, where local police picked the two up as they prepared to board a tour bus.

Smilianets has been extradicted to the US, while Drinkman remains in the Netherlands battling extradiction.

$300 million 'superhackers' are not so super after all | The Naked Security

Plans to centralize cybersecurity with DHS seen as step forward

CSO - Plans for a $6 billion federal shopping hub to help government agencies protect their unclassified networks from cyberattacks sparked optimism among experts who believed the program could significantly improve security.

The Department of Homeland Security (DHS) could award contracts for the cybersecurity program as early as this month, Bloomberg reported. The so-called Continuous Diagnostics and Mitigation program could become the largest of its kind in the U.S. government.

The plan entails more than just providing security hardware, software and consulting services to federal, state and local agencies. The program would also act as an early warning system by continuously monitoring networks to identify vulnerabilities that could be exploited by hackers.

"The government is basically putting funds towards continuous monitoring with a focus on reducing the attack surface," Ron Gula, chief executive of Tenable Network Security, said on Wednesday. "This is a great thing."

Centralizing cybersecurity would also have the benefit of helping to create a standard architecture across agencies, Murray Jennex, an associate professor of information system security at San Diego State University, said.

Plans to centralize cybersecurity with DHS seen as step forward | The Network World

Feds Identify the Young Russians Behind the Top U.S. Cyber Thefts in Last 7 Years

Cyber thefts

Four Russians and one Ukrainian have been charged with masterminding a massive hacking spree that was responsible for stealing more than 160 million bank card numbers from companies in the U.S. over a seven-year period.

The alleged hackers were behind some of the most notorious breaches for which hacker Albert Gonzalez was convicted in 2010 and is currently serving multiple 20-year sentences simultaneously. The indictments clear up a years-long mystery about two hackers involved in those attacks who were known previously only as Grig and Annex and were listed in indictments against Gonzalez as working with him to breach several large U.S. businesses, but who have not been identified until now.

The hackers continued their activities long after Gonzalez was convicted, however. According to the indictment, filed in New Jersey, their spree ran from 2005 to July 2012, penetrating the networks of several of the largest payment processing companies in the world, as well as national retail outlets and financial institutions in the U.S. and elsewhere, resulting in losses exceeding $300 million to the companies.

Feds Identify the Young Russians Behind the Top U.S. Cyber Thefts in Last 7 Years | The Wired

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

What Ubuntu Forums knows about security breach:

• Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
• The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you arestrongly encouraged to change the password on the other service ASAP.
• Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

Ubuntu Forums is down for maintenance | Ubuntuforums.org

Apple took three days to tell developers about a site hack

For three days now, anyone trying to access Apple's members-only developer page has been greeted with the following message:

Apple`s developer page

And on Sunday, the company finally explained why: Their developer site was the target of a hack that may have compromised the security of some development site users' names, email addresses, and mailing addresses. And while the company says that any sensitive information taken is safely encrypted, some developers with accounts at the site have reported unauthorized, and repeated, password reset requests. 

Apple took three days to tell developers about a site hack | The Atlantic Wire

FEMA hacked: Anonymous hacks US server in defense of Snowden and government transparency

Hackers from within the Anonymous collective claim to have broken into a server used by the Federal Emergency Management Agency (FEMA) and say they will release the stolen data in what would be one of the highest-profile security breaches since the release of secret NSA documents by Edward Snowden.

FEMA hacked

In a document shared with GlobalPost on Tuesday night and published online Wednesday, the hacker collective revealed data that includes information on user accounts and passwords of what appear to be government employees. Several of the email addresses linked to those user accounts are hosted on .mil and .gov domains.

FEMA did not respond to requests for comment from GlobalPost on Wednesday.

Anonymous hacks US server in defense of Snowden and government transparency | Global Post