Tag Archives: SecurID

Exclusive Infographic: All Cyber Attacks on Military Aviation and Aerospace Industry

Cross Posted from TheAviationist.

2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only in 2011 the corporate networks of several aviation and aerospace industries have been targeted by digital storms (not a surprise in the so-called hackmageddon) but, above all, last year will be probably remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because in the RQ-170 Sentinel downed in Iran episode, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).

read more

One Year Of Lulz (Part I)

Update December 26: 2011 is nearly gone and hence, here it is One Year Of Lulz (Part II)

This month I am a little late for the December Cyber Attacks Timeline. In the meantime, I decided to collect on a single table the main Cyber Attacks for this unforgettable year.

read more

The China Cyber Attacks Syndrome

A week ago, the Office of the National Counterintelligence Executive published a report to Congress concerning the use of cyber espionage to attempt to gain business and industrial secrets from US companies. Easily predictable, the results present a frightening picture!

read more

Phoning Home to China

A couple of weeks ago, during the RSA Conference in London, Tom Heiser, president of RSA declared that two separate hacker groups already known to authorities were behind the serious breach affecting tbe Security Firm early this year in March, and were likely working at the behest of a government. Heiser also declared that the attackers possessed inside information about the company’s computer naming conventions that helped their activity blend in with legitimate users on the network, concluding that, due to the sophistication of the breach:

read more

Finally I Saw One!

Update: F-Secure posted in their blog the complete description on how the patient 0 was found: And here it is the infamous “2011 recruitment plan message”.

Have a look to the fake sender: a message from beyond…

Original Post follows:

read more

Antisec hacks another Defense Contractor

Update August 19: As part of #FFF IV Antisec has released full torrent for Vanguard Defense Industries Hack.

The Antisec Typhoon seems unstoppable and has apparently hacked another Defense Contractor. Continuing their campaign against law enforcement agencies and related organizations, driven by the infamous hash #FFFriday, this time they have targeted Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI). During the Breach nearly 4,713 emails and thousands of documents were stolen.

read more

2011 Cyber Attacks (and Cyber Costs) Timeline (Updated)

Update: Cyber Attacks Timeline Update for July 2011

As already suggested, I considered the original 2011 Cyber Attacks Timeline graph by Thomson Reuters not enough complete since it did not show some important attacks occurred during this tremendous 2011. This is the reason why I decided to draw an enhanced version which shows, according to my personal opinion (and metric),  the list of 2011 major  cyber attacks both for size and impact. Moreover in this version I added the cost of the breaches (where possible), and the alleged kind of attack perpetrated.

read more

Application (In)Security in the Citi

Today some more details about the Citi breach were revealed and it looks like it is not connected with the RSA breach.

The investigation is still in place, but data collected so far show the kind of attack performed is pretty much more “traditional” then a SecureID clonation: the attackers were able to bypass the perimeter security systems by logging on the site reserved for credit card customers (but no one has explained so far how) were they were able to exploit some vulnerabilities on the Home Banking Web Site.

read more

Citigroup Breach and RSA Breach: A Possible Connection?

Citigroup Center Building - New York
Image via Wikipedia

Today Citigroup revealed that the company has been victim of a breach of its online banking platform, which might have exposed sensitive data belonging to about hundreds of thousands of Citi customers.

Citigroup owns approximately 21 million card customers, which means, in turn, that data of 200.000 cardholders have been impacted.

read more

Seeds For Free

An RSA SecurID SID800 token without USB connector
Image via Wikipedia

Another crucial episode in the affair of the RSA Breach. In a letter published yesterday by mean of the Executive Chairman Art Coviello, letter that will probably go into the annals of computer security, RSA has confirmed that information taken in March had been used as an element of an attempted broader attack on Lockheed Martin. This evidence was obtained, according to the company, on June the 2nd, and so far, the Lockeed Martin attack is the only one, among those (alleged) aimed to other contractors, which has been confirmed directly related to the use of compromised seeds.

read more